NVD-CWE-Other

PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter.

Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi in 8e6 R3000 Internet Filter allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) CAT, and (3) USER parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.

Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive.

Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an “integer cast around.”