| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treated as an issue in Sandbox. |
| Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query. |
| Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components. |
| Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03, (4) APEX05, (5) APEX06, (6) APEX07, (7) APEX08, (8) APEX09, (9) APEX10, (10) APEX11, (11) APEX12, (12) APEX13, (13) APEX14, (14) APEX15, (15) APEX16, (16) APEX17, (17) APEX18, (18) APEX19, (19) APEX22, (20) APEX23, (21) APEX24, (22) APEX25, (23) APEX26, (24) APEX27, (25) APEX28, (26) APEX29, (27) APEX30, (28) APEX31, (29) APEX32, (30) APEX33, (31) APEX34, and (32) APEX35. NOTE: as of 20061027, it is likely that some of these identifiers are associated with cross-site scripting (XSS) in WWV_FLOW_ITEM_HELP and NOTIFICATION_MSG, but these have been provided separate identifiers. |
| Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 allows remote authenticated users to execute arbitrary code via unknown vectors in a "back-end XMLRPC handler." |
| Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456. |
| FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command. |
| Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets. |
| Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication. |
| The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory. |
| Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions. |
| Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers." |
| Multiple insecure method vulnerabilities in MW6 Technologies PDF417 ActiveX control (MW6PDF417Lib.PDF417, MW6PDF417.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods. |
| Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability." |
| Unspecified vulnerability in the SCTP sockets implementation in Sun OpenSolaris snv_106 through snv_107 allows local users to cause a denial of service (panic) via unknown vectors. |
| Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action. |
| Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors. |
| libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989. |
| xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c. |
| Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage Manager (TSM) client 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.5, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17, and the TSM Express client 5.3.3.0 through 5.3.6.5, allows attackers to read or modify arbitrary files via unknown vectors. |