CVE-2005-4848
Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before 20050607 might allow remote attackers to execute arbitrary code via certain data packets. Date published :...
Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via...
Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database. Date published : 2007-06-29 http://www.securityfocus.com/bid/28474 http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf
Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240. Date published : 2007-06-29 http://www.securityfocus.com/bid/28474 http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf
fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores. Date published : 2007-06-29 http://www.securityfocus.com/bid/28474 http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows...
The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML...
Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories. Date published : 2007-06-29 http://www.securityfocus.com/bid/24692 http://www.kaspersky.com/technews?id=203038700
Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508. Date published : 2007-06-29...
Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie. Date published : 2007-06-29 http://www.securityfocus.com/bid/24694 http://www.securityfocus.com/archive/1/472437/100/0/threaded
SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data...
Cross-site scripting (XSS) vulnerability in smoketests/configForm.php in HTML Purifier before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "unescaped print_r output." Date published : 2007-06-29 http://www.securityfocus.com/bid/24699...
Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable. Date published : 2007-06-29 http://www.0x000000.com/?i=363 http://osvdb.org/38955
Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro...