| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. |
| Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters. |
| IrfanView 3.98 (with plugins) allows remote attackers to cause a denial of service (application crash) via a crafted CUR image file. |
| Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access. |
| Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config. |
| Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file. |
| PHP remote file inclusion vulnerability in pageheaderdefault.inc.php in Invisionix Roaming System Remote (IRSR) 0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _sysSessionPath parameter. |
| SQL injection vulnerability in torrents.php in WebTorrent (WTcom) 0.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter in category mode. |
| PHP remote file inclusion vulnerability in include/urights.php in Outreach Project Tool (OPT) Max 1.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_inc parameter. |
| PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. |
| Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. |
| PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php. |
| Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to (1) include/novalib/class.novaAdmin.mysql.php and (2) novalib/class.novaRead.mysql.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter. |
| SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the icon_topic parameter. |
| SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate |
| Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php. |
| Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors. |
