Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0550 | 1 Oracle | 1 Oracle Client | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in an unspecified Oracle Client utility might allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DBC02 from the January 2006 CPU, in which case this would be a duplicate of CVE-2006-0283. However, there are en ...
| CVE-2004-0324 | 1 Confirm | 1 Confirm | 2025-04-03 | 7.5 HIGH | N/A |
Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $.
| CVE-2006-4525 | 1 Devellion | 1 Cubecart | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.
| CVE-2004-2284 | 1 Open Webmail | 1 Open Webmail | 2025-04-03 | 10.0 HIGH | N/A |
The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.
| CVE-1999-1174 | 1 Iomega | 1 Zip 100 Mb Drive | 2025-04-03 | 4.6 MEDIUM | N/A |
ZIP drive for Iomega ZIP-100 disks allows attackers with physical access to the drive to bypass password protection by inserting a known disk with a known password, waiting for the ZIP drive to power down, manually replacing the known disk with the target disk, and using the known password to access the target disk.
| CVE-2005-4295 | 1 Xigla | 1 Absolute Image Gallery Xe | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.x allows remote attackers to inject arbitrary web script or HTML via the text parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| CVE-2003-0275 | 1 Yabb | 1 Yabb | 2025-04-03 | 5.1 MEDIUM | N/A |
SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code.
| CVE-2006-2954 | 1 Primoris Software | 1 Officeflow | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter.
| CVE-2001-1402 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error mess ...
| CVE-2005-0928 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php.
| CVE-2004-0523 | 4 Mit, Sgi, Sun and 1 more | 7 Kerberos, Kerberos 5, Propack and 4 more | 2025-04-03 | 10.0 HIGH | N/A |
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
| CVE-2006-3601 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-03 | 10.0 HIGH | N/A |
** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product is affected, this claim is not independently verifiable.
| CVE-2004-1268 | 2 Easy Software Products, Redhat | 2 Cups, Fedora Core | 2025-04-03 | 2.1 LOW | N/A |
lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.
| CVE-1999-1232 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 allows local users to execute arbitrary commands via a modified PATH environment variable that points to a malicious cp program.
| CVE-2000-0851 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.6 MEDIUM | N/A |
Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.
| CVE-2002-2051 | 1 Modlogan | 1 Modlogan | 2025-04-03 | 2.1 LOW | N/A |
The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a symlink attack on files specified as hostnames in a log file.
| CVE-1999-0232 | 1 Ncsa Httpd Project | 1 Ncsa Httpd | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in NCSA WebServer (version 1.5c) gives remote access.
| CVE-2005-3084 | 1 Sony | 1 Playstation Portable | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2.0 firmware allows remote attackers to cause a denial of service via a crafted TIFF image.
| CVE-2003-0516 | 1 Gert Doering | 1 Mgetty | 2025-04-03 | 7.5 HIGH | N/A |
cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings.
| CVE-2003-1118 | 1 University Of California | 1 Seti At Home | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in the SETI@home client 3.03 and other versions allows remote attackers to cause a denial of service (client crash) and execute arbitrary code via a spoofed server response containing a long string followed by a \n (newline) character.
| CVE-2002-0770 | 1 Id Software | 1 Quake 2i Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password."
| CVE-2005-4714 | 1 Openvmps | 1 Openvmps | 2025-04-03 | 7.5 HIGH | N/A |
Format string vulnerability in the vmps_log function in OpenVMPS (VLAN Management Policy Server) 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
| CVE-2002-0313 | 1 Essen | 1 Essentia Web Server | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long URL.
| CVE-2006-2806 | 1 Apache | 1 James | 2025-04-03 | 7.8 HIGH | N/A |
The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
| CVE-2004-2646 | 1 Reid Garner | 1 Free Web Chat | 2025-04-03 | 5.0 MEDIUM | N/A |
The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName variable to be null.
| CVE-2004-2120 | 1 Reptile Web Server | 1 Reptile Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Reptile Web Server allows remote attackers to cause a denial of service (CPU consumption) via multiple incomplete GET requests without the HTTP version.
| CVE-2004-0417 | 5 Cvs, Gentoo, Openbsd and 2 more | 5 Cvs, Linux, Openbsd and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
| CVE-2000-0612 | 1 Microsoft | 2 Windows 95, Windows 98 | 2025-04-03 | 5.0 MEDIUM | N/A |
Windows 95 and Windows 98 do not properly process spoofed ARP packets, which allows remote attackers to overwrite static entries in the cache table.
| CVE-2005-0766 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 through 0.10.9 allows remote attackers to cause a denial of service (application crash).
| CVE-2004-2025 | 1 Zen Cart | 1 Zen Cart | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter.
| CVE-2004-0719 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
| CVE-2000-0651 | 1 Novell | 1 Bordermanager | 2025-04-03 | 7.5 HIGH | N/A |
The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and responses from port 3024 of the victim's machine.
| CVE-2001-0948 | 1 Valicert | 1 Enterprise Validation Authority | 2025-04-03 | 7.5 HIGH | N/A |
Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed.
| CVE-2001-1044 | 1 Basilix | 1 Basilix Webmail | 2025-04-03 | 7.5 HIGH | N/A |
Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allow remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.
| CVE-2002-0876 | 1 Evolvable Corporation | 1 Shambala Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Web server for Shambala 4.5 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request.
| CVE-2002-1894 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
| CVE-2005-2014 | 1 Php Arena | 1 Pafaq | 2025-04-03 | 4.6 MEDIUM | N/A |
The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack.
| CVE-2004-2443 | 1 Jaws | 1 Jaws | 2025-04-03 | 7.5 HIGH | N/A |
Jaws 0.3 allows remote attackers to bypass authentication via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php.
| CVE-2002-1857 | 1 Jo | 1 Jo Webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
jo! jo Webserver 1.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
| CVE-2006-2834 | 1 Gnopaste | 1 Gnopaste | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in includes/common.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.