CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Cross-site request forgery (CSRF) vulnerability in PHParanoid before 0.5 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors related to private messages.
Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information.
Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file.
Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494.
Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753.
Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.
Adserve, Alert_before_you_post, Blix, Blixed, Blixkrieg, Captcha, Cryptographp, Dean_logan_wp-people_plugin, Debug_bar, Download_monitor_plugin
2017-09-29
N/A
N/A
Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the book_id parameter. NOTE: some of these details are obtained from third party information.
Affiliate_network_pro, Article_manager_pro, Askme, Askme_pro, E-friends, Epay, Forum_pay_per_post_exchange, Live_support, Sendit, Sms_text_messaging_enterprise
2017-09-29
N/A
N/A
SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action.
Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
** DISPUTED ** Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission."