| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information. |
| Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the movieid parameter to loan.php or (2) the s parameter to listmovies.php. |
| Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call. |
| Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015. |
| Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 allows user-assisted remote attackers to execute arbitrary code via a long command line argument, as demonstrated by a long string in the subject field in a mailto URI. NOTE: some of these details are obtained from third party information. |
| WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO. |
| Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors. |
| Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems. |
| Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php. |
| Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests. NOTE: this is probably a different vulnerability than CVE-2007-2508. |
| Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (2) printfriendly.php. |
| PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter. |
| Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use |
| WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. |
| Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (X_FORWARDED_FOR) HTTP header. |
| SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter. |
| PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
| SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. |
| Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/. |
| Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter. |
