| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats. |
| Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 allows user-assisted remote attackers to install a key listed under the wrong user ID, and possibly cause the user to encrypt a victim's correspondence with this attacker-supplied key, via a key ID composed of the attacker's user ID, space characters, an invalid WinPT message, additional space characters, and the victim's user ID. |
| The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation. |
| The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926. |
| SQL injection vulnerability in index.php in the Lykos Reviews (lykos_reviews) 1.00 module for Xoops allows remote attackers to execute arbitrary SQL commands via the uid parameter in a u action. |
| Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
| Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the body parameter to templates/ZPanelV2/template.php or (2) the page parameter to zpanel.php. NOTE: the zpanel.php vector may overlap CVE-2005-0793.2. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID). |
| PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter. |
| Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. |
| Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. |
| Sprint Nextel Sprint voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). |
| Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter. |
| Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926. |
| eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing. |
| Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). |
| Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action. |
| SQL injection vulnerability in viewthread.php in Oxygen (O2PHP Bulletin Board) 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-1572. |
| Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks. |
| Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers. |
