| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple unspecified vulnerabilities in CycloMedia CycloScopeLite 2.50.3.0 allow remote attackers to execute arbitrary code via the ReturnConnection method in (1) CM_ADOConnection.dll, (2) CM_AddressInfoDBC.dll, and (3) CM_RecordingLocationDBC.dll, related to improper dereferencing. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors. |
| Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111. |
| Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka "Oracle Streams". |
| Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors. |
| Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters." |
| Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials. |
| Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." |
| Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed. |
| Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors. |
| Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when running on Nexus 5000 platforms, allows remote attackers to cause a denial of service (crash) via an unspecified "sequence of TCP packets" related to "TCP State manipulation," possibly related to separate attacks against CVE-2008-4609. |
| Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. |
| Unspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
| Unspecified vulnerability in nepa-design.de Spam Protection (nd_antispam) extension 1.0.3 for TYPO3 allows remote attackers to modify configuration via unknown vectors. |
| The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity. |
| The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors. |
| The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to CVE-2009-2656. |
| Unspecified vulnerability in Download Center Lite before 2.1 has unknown impact and attack vectors related to "A minor security fix." |
| Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_117, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. |
| Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors. |
