CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter.
SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter.
SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php.
SQL injection vulnerability in index.php in CS Team Counter Strike Portals allows remote attackers to execute arbitrary SQL commands via the id parameter, as demonstrated using the downloads page.
The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task.
The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of other users.
Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677. NOTE: some of these details are obtained from third party information.
The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."
Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value.
