Oracle Application Server contains an unspecified flaw related to the Report Server component that may allow an attacker to manipulate arbitrary data. No further details have been provided.
Oracle Application Server contains an unspecified flaw related to the Forms component that may allow an attacker to cause a denial of service. No further details have been provided.
Oracle Application Server contains an unspecified flaw related to the mod_plsql component that may allow an attacker to manipulate arbitrary data. No further details have been provided.
OpenH323 Gatekeeper contains an overflow in the socket handle/select code that may allow an attacker to execute arbitrary code. No further details have been provided.
(Description Provided by CVE) : PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
(Description Provided by CVE) : helvis 1.8h2_1 and earlier stores recovery files in world readable directories with world readable permissions, which allows local users to read the recovered files of other users.
(Description Provided by CVE) : Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.
Oracle Database contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by 'DIRECTORY' objects, which contain the location of a specific operating system directory, and may allow a remote attacker with read privileges to disclose sensitive information, resulting in a loss of confidentiality.
A local overflow exists in Mac OS X. The semop() system call fails to validate a user-supplied nsops integer variable resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
A local overflow exists in Mac OS X. The searchfs() function fails to validate user-supplied values of searchblock.sizeofsearchparams1 and searchblock.sizeofsearchparams2 resulting in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
NodeZilla contains a flaw related to the authentication protocol that may allow an attacker to enumerate valid accounts. No further details have been provided.
(Description Provided by CVE) : Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.
(Description Provided by CVE) : Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 may allow remote attackers to execute arbitrary code.
CMSimple Content Management System contains flaws that allow a remote cross-site scripting attack. These flaws exist because the application does not validate user-supplied variables upon submission to the search and guestbook modules. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
(Description Provided by CVE) : Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
(Description Provided by CVE) : Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote attackers to cause a denial of service (daemon crash) via invalid "connect frames."
Squid contains a flaw that may allow a malicious user to bypass access controls. The issue is triggered when Squid authenticates against LDAP and a user adds spaces as padding around the username. It is possible that the flaw may allow circumvention of access controls, resulting in a loss of integrity.
ITA Forum contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the fid variable in the showforum.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.