| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag. |
| Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 have unknown impact and attack vectors, related to (1) an Immediate Image Overwrite (IIO) error message at the Local User Interface (LUI) if overwrite fails, (2) an IIO failure when a Held Job is deleted, and (3) an On Demand Image Overwrite failure when the overwrite is greater than 2 Gb. |
| kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file. |
| SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows remote attackers to execute arbitrary SQL commands via the category parameter. |
| httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView Configuration Management (CM) Infrastructure 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to read arbitrary files via URLs containing tilde (~) references to home directories, as demonstrated by ~root. |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5414. |
| Directory traversal vulnerability in index.php in boastMachine (aka bMachine) 2.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. |
| Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) en_copyrite.php, (2) vi_copyrite.php, and (3) ar_copyrite.php in language/ directories; (4) class_access.php, (5) class_department.php, (6) class_config.php, (7) class_image.php, (8) class_ward.php, and (9) class_product.php in include/care_api_classes/; (10) gui/smarty_template/smarty_care.class.php; and possibly other components, different vectors than CVE-2007-1458. |
| The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface. |
| Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors. |
| tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function. |
| Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX 2.5.4 allow remote attackers to inject arbitrary web script or HTML via the page parameter to the default URI for some directories, as demonstrated by (1) ActiveKB/ and (2) default/categories/ActiveKB/. |
| Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1. |
| Cross-site scripting (XSS) vulnerability in UMI CMS allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to the default URI in search_do/. |
| Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 allows remote attackers to inject arbitrary web script or HTML via the archive parameter. |
| Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem. |
| Stride 1.0 has a default administrator username of "scott" with the password "running", which allows remote attackers to obtain administrative access through login.php. |
| Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI. |
| Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.2 might allow user-assisted remote attackers to cause a denial of service via a crafted Data Standards File (Datatype Standards File). |
| Buffer overflow in a certain ActiveX control in ScanObjectBrowser.DLL in G DATA Antivirus 2007 might allow remote attackers to execute arbitrary code via unspecified parameters to the SelectPath function. NOTE: this issue might not cross privilege boundaries in most environments, since it is not marked as safe for scripting. |
