NVD-CWE-Other

Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.

Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/.

The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes.

Babo Violent 2 2.08.00 does not validate the sender field of a chat message composed by a client, which allows remote authenticated users to spoof messages.

The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address.

Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/.