This page presents a list of vulnerabilities with the longest "time of exposure". Time of exposure is calculated as the interval between the exploit publication date and the vendor solution date. During this period, consumers may be vulnerable to the issue while public exploit code exists, allowing for easier and more widespread attacks.
| ID | Disc Date | Days of Exposure | Title |
| 73824 | 2011-07-13 | 657437 days | TCExam /admin/code/tce_edit_backup.php backup_file Parameter XSS |
TCExam contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'backup_file' parameter upon submission to the /admin/code/tce_edit_backup.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
| 15631 | 2005-03-31 | 12873 days | PHP Multiple Unspecified Issues |
PHP contains multiple unspecified vulnerabilities. No further details have been provided. As of July 20, 2010, David Litchfield / NGS has not replied to mails asking for details about the vulnerabilities discovered.
| 49736 | 2003-04-25 | 2027 days | Microsoft Windows SMB NTLM Authentication Credential Replay Remote Code Execution |
Windows contains a flaw that may allow a malicious remote user to execute arbitrary code. The issue is triggered by a flaw that allows an attacker to replay the NTLM credentials of a client user. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
| 59037 | 2002-12-01 | 2016 days | Thatware auth.inc.php user Parameter SQL Injection |
Thatware contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'auth.inc.php' script not properly sanitizing user-supplied input to the 'user' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
| 14987 | 2004-03-26 | 1537 days | XMB Forum post.php Multiple Parameter XSS |
XMB Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'message' or 'icons' variables upon submission to the post.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
| 33567 | 2004-06-17 | 1423 days | XMB U2U Instant Messenger memcp.php recipient Field XSS |
Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field. (Description provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-0519)
| 36802 | 2007-06-04 | 1057 days | Madirish Webmail lib/addressbook.php GLOBALS[basedir] Parameter Remote File Inclusion |
Madirish Webmail contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'lib/addressbook.php' script not properly sanitizing user input supplied to the 'GLOBALS[basedir]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
| 12368 | 2004-12-09 | 942 days | UseModWiki wiki.pl XSS |
UseModWiki contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the user-submitted content upon submission to the 'wiki.pl' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
| 33130 | 2007-02-08 | 922 days | HP Network Node Manager (NNM) Remote Console Directory Permission Weakness Privilege Escalation |
HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the HP Open View Shared Trace Service. (Description provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-0819)
| 24631 | 2006-04-09 | 762 days | XMB Forum .swf Actionscript Execution |
Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript. (Description provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-1748)
| 14238 | 2005-02-25 | 758 days | BadBlue ext.dll mfcisapicommand Parameter Remote Overflow |
A remote overflow exists in BadBlue HTTP Server. The BadBlue HTTP Server fails to validate the mfcisapicommand parameter, resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.
| 15537 | 2005-04-18 | 727 days | PayProCart usrauthstamp.php IP Disclosure |
PayProCart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker uses a cross-site scripting style attack to include the usrauthstamp.php script, which will disclose arbitrary users' IP addresses, resulting in a loss of confidentiality.
| 24166 | 2006-03-27 | 622 days | phpmyfamily track.php name Parameter XSS |
phpmyfamily contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name' variable upon submission to the 'track.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
| 24167 | 2006-03-27 | 622 days | phpmyfamily index.php PHPSESSID CRLF Injection Path Disclosure |
Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. (Description provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-1425)
| 42186 | 2008-02-14 | 582 days | PHP Live! admin/traffic/knowledge_searchm.php questid Parameter SQL Injection |
PHP Live! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin/traffic/knowledge_searchm.php' script not properly sanitizing user-supplied input to the 'questid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
| 42559 | 2008-02-28 | 473 days | Podcast Generator loadparser.php absoluteurl Parameter Remote File Inclusion |
Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'loadparser.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
| 42560 | 2008-02-28 | 473 days | Podcast Generator admin.php absoluteurl Parameter Remote File Inclusion |
Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
| 42562 | 2008-02-28 | 473 days | Podcast Generator categories_add.php absoluteurl Parameter Remote File Inclusion |
Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'categories_add.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
| 42563 | 2008-02-28 | 473 days | Podcast Generator categories_remove.php absoluteurl Parameter Remote File Inclusion |
Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'categories_remove.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
| 42564 | 2008-02-28 | 473 days | Podcast Generator edit.php absoluteurl Parameter Remote File Inclusion |
Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'edit.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
| 42565 | 2008-02-28 | 473 days | Podcast Generator editdel.php absoluteurl Parameter Remote File Inclusion |
Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'editdel.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
| 42566 | 2008-02-28 | 473 days | Podcast Generator ftpfeature.php absoluteurl Parameter Remote File Inclusion |
Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'ftpfeature.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
| 42567 | 2008-02-28 | 473 days | Podcast Generator login.php absoluteurl Parameter Remote File Inclusion |
Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'login.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
| 42568 | 2008-02-28 | 473 days | Podcast Generator pgRSSnews.php absoluteurl Parameter Remote File Inclusion |
Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'pgRSSnews.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
| 42569 | 2008-02-28 | 473 days | Podcast Generator showcat.php absoluteurl Parameter Remote File Inclusion |
Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'showcat.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
| 42570 | 2008-02-28 | 473 days | Podcast Generator upload.php absoluteurl Parameter Remote File Inclusion |
Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'upload.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
| 42571 | 2008-02-28 | 473 days | Podcast Generator archive_cat.php absoluteurl Parameter Remote File Inclusion |
Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'archive_cat.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
| 42572 | 2008-02-28 | 473 days | Podcast Generator archive_nocat.php absoluteurl Parameter Remote File Inclusion |
Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'archive_nocat.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
| 42573 | 2008-02-28 | 473 days | Podcast Generator recent_list.php absoluteurl Parameter Remote File Inclusion |
Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'recent_list.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
| 25073 | 2006-04-28 | 434 days | Microsoft IE mhtml: Redirection Domain Restriction Bypass |
Internet Explorer contains a flaw that may allow a malicious user to access documents served from another web site. The issue is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. It is possible that the flaw may allow a malicious website to access properties of a site in an arbitrary external domain in the context of the victim user's browser resulting in a loss of confidentiality.
| 32693 | 2007-01-17 | 390 days | Apple Mac OS X Minimal SLP v2 Service Agent (slpd) Registration Request Overflow |
A buffer overflow exists in Mac OS X. slpd fails to validate the attr-list field of registration requests resulting in a stack overflow. With a specially crafted request, a local attacker can cause arbitrary code execution resulting in a loss of integrity.
| 41199 | 2007-12-14 | 368 days | Drake CMS index.php option Parameter XSS |
Input passed to the "option" parameter in "index.php" is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected web site.
| 41494 | 2008-02-07 | 365 days | Adobe Reader / Acrobat EScript.api Plug-in Crafted PDF Arbitrary Code Execution |
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655. (Description provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5663)
| 64540 | 2010-03-23 | 359 days | SAP GUI SAPBExCommonResources.BExGlobal ActiveX Arbitrary Command Execution |
| 49325 | 2008-10-13 | 357 days | Oracle Database Workspace Manager SYS.LT.MERGEWORKSPACE SQL Injection |
Oracle Database contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the SYS.LT package not properly sanitizing user-supplied input to the MERGEWORKSPACE procedure. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
| 14993 | 2005-03-21 | 345 days | XMB Profile Mood Variables XSS |
Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Mood or (2) "Send To" fields. (Description provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0885)
| 21488 | 2005-12-01 | 320 days | Interspire FastFind index.php query Parameter XSS |
Interspire FastFind contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'query' parameter upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
| 30214 | 2006-11-06 | 296 days | Microsoft Windows GDI Kernel Structure Modification Code Execution |
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures. (Description provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-5758)
| 53333 | 2009-03-23 | 295 days | Apple Mac OS X XNU User Space Interaction Restriction Weakness Local Privilege Escalation |
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls. (Description provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1235)
| 60586 | 2009-12-01 | 292 days | phpMyFAQ index.php Multiple Parameter XSS |
phpMyFAQ versions < 2.5.5 contain a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the sitemap&lang, search&search, search&tagging_id, artikel&highlight, artikel&artlang, sitemap&letter, show&lang, show&cat, news&newsid=1&newslang, send2friend&artlang, send2friend&cat, send2friend&id, translate&srclang, translate&id, translate&cat, add&cat, add&question parameters upon submission to the index.php?action= script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the ...
| 59001 | 2009-03-20 | 290 days | Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure |
Axis2 contains a flaw that may allow a remote attacker to access arbitrary files. The issue is due to the services applet not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the xsd parameter. This flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
| 23899 | 2006-03-14 | 289 days | Microsoft Office Excel BIFF File Processing Malformed BOOLERR Record Arbitrary Code Execution |
A local overflow exists in Excel. The product fails to verify the length of BOOLERR records in the BIFF file format, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
| 35128 | 2007-03-11 | 270 days | AssetMan download_pdf.php pdf_file Parameter Traversal Arbitrary File Access |
Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter. (Description provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-1427)
| 15465 | 2005-04-12 | 236 days | Microsoft IE DHTML Object Memory Corruption Code Execution |
Windows contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when certain DHTML methods are used, leading to a race condition when one thread reads data from memory that has either been overwritten by another thread or has not yet been initialized by another thread. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
| 72406 | 2011-05-18 | 224 days | Opera Frameset Construct Handling Memory Corruption |
A memory corruption flaw exists in Opera. The program fails to sanitize user-supplied input when handling frameset constructs during page unloading, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can execute arbitrary code.
| 64918 | 2009-09-25 | 224 days | html2ps SSI include Directive Traversal Arbitrary File Access |
| 71190 | 2011-02-23 | 222 days | Local Market Explorer Plugin for WordPress wp-content/plugins/local-market-explorer/modules/walk-score-iframe.php api-key Parameter XSS |
Local Market Explorer Plugin for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'api-key' parameter upon submission to the wp-content/plugins/local-market-explorer/modules/walk-score-iframe.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
| 56531 | 2009-01-13 | 211 days | Premier Election Solutions (Diebold) Global Election Management System (GEMS) Clear Button Audit Log Deletion |
| 66388 | 2010-07-15 | 206 days | XMB Admin Password Manipulation CSRF |
| 58941 | 2008-12-17 | 183 days | BIRT birt-viewer/run __report Parameter XSS |
BIRT contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the '__report' parameter upon submission to the birt-viewer/run script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
| 73474 | 2011-05-12 | 181 days | GEAR CD DVD Filter Driver GEARAspiWDM.sys Pointers Table Invalid Memory Access Local DoS |
| 73475 | 2011-05-12 | 181 days | GEAR CD DVD Filter Driver GEARAspiWDM.sys Pointers Table Array Indexing Error Invalid Memory Access Local DoS |
| 40694 | 2007-12-10 | 170 days | Apple Mac OS X xnu Kernel bsd/kern/ubc_subr.c cs_validate_page() Function Local DoS |
Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered by a null pointer dereference in the kernel's handling of code signatures in the cs_validate_page function, and will result in loss of availability for the platform.
| 5252 | 2004-04-13 | 164 days | Microsoft Windows Metafile Code Execution |
A remote overflow exists in Windows. The GDI32.dll PlayMetaFileRecord() API fails to validate Windows metafile-format images resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
| 27150 | 2006-07-11 | 149 days | Microsoft Office MSO.DLL String Processing Overflow |
A local overflow exists in Office, Project, Visio and Office for Mac. MSO.DLL fails to validate Office documents resulting in a buffer overflow. With a specially crafted file containing a malformed string, an attacker can cause arbitrary code execution resulting in a loss of integrity.
| 58655 | 2007-03-20 | 148 days | EZPhotoSales Default admin Account |
By default, EZPhotoSales installs with a default password. The admin account has an empty password which is publicly known and documented. This allows attackers to trivially access the program or system.
| 67548 | 2010-08-25 | 139 days | Microsoft Vista BitLocker Drive Encryption Path Subversion Arbitrary DLL Injection Code Execution |
Microsoft Vista BitLocker Drive Encryption is prone to a flaw in the way it loads dynamic-link libraries (e.g., fveapi.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with ...
| 71840 | 2011-03-01 | 137 days | Mingle Forum Plugin for WordPress wp-content/plugins/mingle-forum/wpf-insert.php message Parameter XSS |
Mingle Forum Plugin for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the BBCode input in the 'message' parameter upon submission to the wp-content/plugins/mingle-forum/wpf-insert.php script before displaying it to the user in the wp-content/plugins/mingle-forum/wpf.class.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
| 844 | 2001-07-02 | 134 days | Apache Tomcat Java Servlet Error Page XSS |
Apache Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user input upon submission to the Java Servlet which is in turn passed to the error handler. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
| 61229 | 2009-12-19 | 125 days | Saurus CMS classes/excel/class.writeexcel_workbook.inc.php class_path Parameter Remote File Inclusion |
Saurus CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'classes/excel/class.writeexcel_workbook.inc.php' script not properly sanitizing user input supplied to the 'class_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
| 61230 | 2009-12-19 | 125 days | Saurus CMS classes/excel/class.writeexcel_worksheet.inc.php class_path Parameter Remote File Inclusion |
Saurus CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'classes/excel/class.writeexcel_worksheet.inc.php' script not properly sanitizing user input supplied to the 'class_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
| 47475 | 2008-08-13 | 118 days | Microsoft Visual Studio Masked Edit Control ActiveX (Msmask32.ocx) Mask Parameter Overflow |
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability." (Description provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3704)
| 829 | 2001-07-02 | 117 days | IBM WebSphere Application Server (WAS) Java Servlet Error Page XSS |
IBM WebSphere contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user input upon submission to the Java Servlet which is in turn passed to the error handler. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
| 42946 | 2008-03-10 | 115 days | RealPlayer ActiveX (rmoc3260.dll) Console Property Memory Corruption Arbitrary Code Execution |
A use-after-free condition exists in RealPlayer. By setting properties in rmoc3260.dll ActiveX control in a certain way, it is possible to overwrite heap management structures, resulting in redirection of execution flow when these corrupted heap blocks are freed. This issue can be exploited by a context-dependent attacker to execute arbitrary code in the context of the user running the host application, typically Internet Explorer.
| 67543 | 2010-08-24 | 112 days | Microsoft Windows Movie Maker Path Subversion Arbitrary OCX Injection Code Execution |
Microsoft Windows Movie Maker is prone to a flaw in the way it loads Object Linking and Embedding (OLE) Control Extension files (e.g., hhctrl.ocx). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code ...
| 31882 | 2006-10-27 | 112 days | Microsoft MDAC ADODB.Connection ActiveX Control Execute Method Remote Code Execution |
Data Access Components (DAC) contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when the 'Execute' method frees memory in a way that circumvents the script interpreter's memory manager. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
| 67722 | 2010-08-25 | 111 days | Microsoft Windows Internet Connection Signup Wizard Path Subversion Arbitrary DLL Injection Code Execution |
Microsoft Windows Internet Connection Signup Wizard is prone to a flaw in the way it loads dynamic-link libraries (e.g., smmscrpt.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run ...
| 69942 | 2010-12-22 | 111 days | Microsoft WMI Administrative Tools WEBSingleView.ocx ActiveX Remote Code Execution |
Microsoft WMI Administrative Tools contains a flaw related to the WBEMSingleView.ocx ActiveX control. The issue is triggered when a context-dependent attacker uses a crafted webpage to send an argument to the 'AddContextRef' or 'ReleaseContext' method. This may allow an attacker to execute arbitrary code.
| 1887 | 2001-07-02 | 107 days | IBM Lotus Domino Server NSF Handling URI XSS |
Lotus Domino HTTP Service contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate that JavaScript has not been injected in the URL for a non-existent script, and returns the URL in the error message. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of ...
|
|
75375
|
2011-09-12
|
107 days |
ScadaTec Multiple Products Project Import ZIP File Handling Overflow
|
|
ScadaTec ScadaPhone and ModbusTagServer are prone to an overflow condition. The applications fail to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted ZIP file, a context-dependent attacker can potentially cause arbitrary code execution.
|
|
77157
|
2011-07-31
|
107 days |
obSuggest Component for Joomla! index.php controller Parameter Traversal Local File Inclusion
|
|
obSuggest Component for Joomla! contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the index.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'controller' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only ...
|
|
5248
|
2004-04-13
|
103 days |
Microsoft Windows LSASS Remote Overflow
|
|
A remote overflow exists in Windows. The LSA (Local Security Authority) Service fails to validate some input received on the LSARPC named pipe over TCP ports 139 and 445 resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
|
74414
|
2011-08-06
|
101 days |
AChecker user/user_create_edit.php id Parameter SQL Injection
|
|
AChecker contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the user/user_create_edit.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
|
74415
|
2011-08-06
|
101 days |
AChecker themes/default/language/language_add_edit.tmpl.php id Parameter XSS
|
|
AChecker contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'id' parameter upon submission to the themes/default/language/language_add_edit.tmpl.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. Additionally, the program may disclose the software's installation path. While such information is relatively low risk, it is often ...
|
|
74416
|
2011-08-06
|
101 days |
AChecker themes/default/user/user_group_create_edit.tmpl.php id Parameter XSS
|
|
AChecker contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'id' parameter upon submission to the themes/default/user/user_group_create_edit.tmpl.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. Additionally, the program may disclose the software's installation path. While such information is relatively low risk, it is often ...
|
|
74417
|
2011-08-06
|
101 days |
AChecker documentation/frame_header.php p Parameter XSS
|
|
AChecker contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'p' parameter upon submission to the documentation/frame_header.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. Additionally, the program may disclose the software's installation path. While such information is relatively low risk, it is often ...
|
|
74418
|
2011-08-06
|
101 days |
AChecker updater/patch_edit.php myown_patch_id Parameter XSS
|
|
AChecker contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'myown_patch_id' parameter upon submission to the updater/patch_edit.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. Additionally, the program may disclose the software's installation path. While such information is relatively low risk, it is often ...
|
|
74419
|
2011-08-06
|
101 days |
AChecker user/user_create_edit.php id Parameter XSS
|
|
AChecker contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'id' parameter upon submission to the user/user_create_edit.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. Additionally, the program may disclose the software's installation path. While such information is relatively low risk, it is often ...
|
|
38975
|
2007-09-11
|
101 days |
X-Cart customer/product.php xcart_dir Parameter Remote File Inclusion
|
|
X-Cart contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to product.php not properly sanitizing user input supplied to the 'xcart_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
|
74413
|
2011-08-06
|
101 days |
AChecker updater/patch_edit.php myown_patch_id Parameter SQL Injection
|
|
AChecker contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the updater/patch_edit.php script not properly sanitizing user-supplied input to the 'myown_patch_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
|
68585
|
2010-10-12
|
99 days |
Microsoft Foundation Classes (MFC) Library Window Title Handling Remote Overflow
|
|
Microsoft Foundation Classes Library is prone to an overflow condition. The 'UpdateFrameTitleForDocument' method in the 'CFrameWnd' class in 'mfc42.dll' fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted long window title, a context-dependent attacker can potentially execute arbitrary code.
|
|
28370
|
2006-08-11
|
88 days |
Novell eDirectory iManager Log File Cleartext Password Disclosure
|
|
Novell eDirectory contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the application writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file, resulting in a loss of confidentiality.
|
|
27110
|
2006-07-17
|
85 days |
Microsoft IE WebViewFolderIcon setSlice Overflow
|
|
Internet Explorer contains a flaw that may allow a remote denial of service. The issue is triggered when calling the 'setSlice' method of the WebViewFolderIcon.WebViewFolderIcon.1 ActiveX object with the first parameter set to 0x7fffffff. This causes an invalid memory copy and may result in arbitrary code execution and/or a loss of availability for the browser.
|
|
66160
|
2010-07-02
|
74 days |
Microsoft IIS Basic Authentication NTFS Stream Name Permissions Bypass
|
|
Microsoft Internet Information Services contains a flaw related to the handling of basic directory authentication. The issue is triggered when a remote attacker appends the NTFS stream name and type to the directory name in a request. This may allow an attacker to bypass authentication permissions.
|
|
2019
|
2002-01-08
|
74 days |
YaBB IMG Tag XSS
|
|
YaBB contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate content inserted into [IMG][/IMG] image links upon submission to the script that handles forum messages and replies. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
|
53242
|
2009-01-21
|
73 days |
HP OpenView Network Node Manager (OV NNM) OvCgi/Toolbar.exe Multiple Cookie Handling Overflow
|
|
Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067. (Description Provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0920)
|
|
10882
|
1998-08-23
|
70 days |
Sun AnswerBook2 Web Server dwhttpd HTTP GET Request Format String DoS
|
|
Sun AnswerBook2 contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user sends an HTTP GET request containing an encoded % character, and will result in loss of availability for the service.
|
|
40269
|
2007-11-07
|
70 days |
CA eTrust SiteMinder Agent forms/smpwservices.fcc SMAUTHREASON Parameter XSS
|
|
CA eTrust SiteMinder contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate SMAUTHREASON parameters upon submission to the 'smpwservices.fcc' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
|
43971
|
2007-09-07
|
68 days |
Apple Safari document.location.hash String Handling Remote Overflow
|
|
Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method. (Description Provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4812)
|
|
65484
|
2010-06-12
|
67 days |
Collabtive managechat.php uid Parameter SQL Injection
|
|
Collabtive contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the managechat.php script not properly sanitizing user-supplied input to the uid parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
|
33270
|
2006-12-12
|
63 days |
Microsoft Word Unspecified Memory Corruption Arbitrary Code Execution
|
|
Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456. (Description Provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-6561)
|
|
54600
|
2009-05-20
|
62 days |
IPplan admin/usermanager grp Parameter XSS
|
|
IPplan contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the grp parameter upon submission to the admin/usermanager script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
|
10039
|
2004-09-16
|
61 days |
DNS4Me Web Server GET Request Overflow DoS
|
|
DNS4Me contains a flaw that may allow a remote denial of service. The issue is triggered when sending a large amount of data to port 80, which causes the service to consume all available CPU resources and eventually crash resulting in a loss of availability.
|
|
67500
|
2010-08-24
|
59 days |
Microsoft Windows Live Mail Path Subversion Arbitrary DLL Injection Code Execution
|
|
Microsoft Windows Live Mail is prone to a flaw in the way it loads dynamic-link libraries (e.g. dwmapi.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the ...
|
|
73257
|
2011-05-01
|
58 days |
Asterisk SIP Multiple Message Response Username Enumeration
|
|
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. (Description Provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2536)
|
|
71773
|
2011-02-14
|
57 days |
Microsoft Windows Common Internet File System (CIFS) Malformed Browser Message Handling Overflow
|
|
Microsoft Windows is prone to an overflow condition. The 'BowserWriteErrorLogEntry' function in the CIFS browser service in 'Mrxsmb.sys' or 'bowser.sys' in Active Directory fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted BROWSER ELECTION message, a remote attacker can potentially execute arbitrary code.
|
|
19093
|
2005-08-17
|
55 days |
Microsoft Design Tools msdds.dll COM Object Arbitrary Code Execution
|
|
A flaw exists in the Microsoft DDS Library Shape Control COM object component that allows arbitrary code execution when opening a specially crafted HTML file.
|
|
64347
|
2010-04-27
|
49 days |
Free Realty agentadmin.php Multiple Parameter SQL Injection Authentication Bypass
|
|
Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter). (Description Provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1708)
|
|
74455
|
2011-08-06
|
48 days |
AContent /documentation/frame_header.php p Parameter XSS
|
|
AContent contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'p' parameter upon submission to the /documentation/frame_header.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
|
74456
|
2011-08-06
|
48 days |
AContent /documentation/frame_content.php p Parameter XSS
|
|
AContent contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'p' parameter upon submission to the /documentation/frame_content.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|