Vulnerabilities (CVE)

Buffer overflow in the tell_player_surr_changes function in Genecys 0.2 and earlier might allow remote attackers to execute arbitrary code via long arguments.

Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of service (crash) via a "text/html" HTML Content-type header sent in response to an XMLHttpRequest (AJAX).

WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes access and deny lists in a case-sensitive manner, when previous versions were case-insensitive, which might allow remote attackers to bypass intended restrictions and login to accounts that should be denied.

BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links.

Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory.

SQL injection vulnerability in the loginADP function in ajaxp.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.

Directory traversal vulnerability in store.cgi in Thinking Arts ES.One package allows remote attackers to read arbitrary files via a .. (dot dot) in the StartID parameter.

Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter ... Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp5_member_id in update.php. NOTE: other vectors in the PHP-CHECKER report are also covered by CVE-2005-3365 and CVE-2005-0454.

Show More

Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.

Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges.

PHP remote file inclusion vulnerability in includes/functions.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service.

Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.

Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.

Buffer overflows in Pileup before 1.2 allows local users to gain root privileges via (1) long command line arguments, or (2) a long callsign.

Unknown "potential system security vulnerability" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account.

Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.

SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges.

TUTOS 1.1 allows remote attackers to execute arbitrary code by uploading the code using file_new.php, then directly accessing the uploaded code via a request to the repository containing the code.

The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.

The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll.

Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, (5) CRMF, (6) ESS, (7) OCSP, (8) X.509, (9) ISIS, (10) DISTCC, (11) FCELS, (12) Q.931, (13) NCP, (14) TCAP, (15) ISUP, (16) MEGACO, (17) PKIX1Explitit, (18) PKIX_Qualified, (19) Presentation dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.

Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka "bug #1494281 - Postgres encoding security hole." NOTE: while this issue involves PostgreSQL, it is specific to MailManager's interface to PostgreSQL and is therefore a different vulnerability than CVE-2006-2313 and CVE-2006-2314.

The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote attackers to cause a denial of service or reconfigure the router.

Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a URL with a long (1) cmd or (2) mode parameter.

The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field.

PHP remote file inclusion vulnerability in cal_config.inc.php in Calendarix 0.7.20060401 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the calpath parameter. NOTE: this issue has been disputed by a third party, who says that the affected $calpath variable is set to a constant value in the beginning of the script. CVE concurs that the initial report is invalid

Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made.

Directory traversal vulnerability in Dynu FTP server 1.05 and earlier allows remote attackers to read arbitrary files via a .. in the CD (CWD) command.

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function.

Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code.

Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.

annclist.exe in webTV for Windows allows remote attackers to cause a denial of service by via a large, malformed UDP packet to ports 22701 through 22705.

SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.

Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point before 1.03.12 allows remote attackers to obtain sensitive information via the web interface.

BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address.

OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20).

Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter.