NVD-CWE-Other

Cross-site scripting (XSS) vulnerability in the “download wiki page as text” feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain “unsafe” situations, which has unknown impact and remote attack vectors.

Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has unknown impact and attack vectors, related to a “low critical exploit.”

Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php, (6) tribearmor.php, (7) tribeastral.php, (8) tribeware.php, and (9) includes/head.php in Bartek Jasicki Vallheru before 1.3 beta have unknown impact and remote attack vectors, probably related to large integer values containing more than 15 digits. NOTE: the original vendor report is for integer overflows, but this is probably an incorrect usage of the term.

SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter.

Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.