VulnAware.com

The links panel in Opera before 9.62 processes Javascript within the context of the “outermost page” of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.

Heap-based buffer overflow in Adobe PageMaker 7.0.1 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure.

The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool allows remote attackers to cause a denial of service (NULL pointer dereference and Internet Explorer 6.0 crash) via a large negative integer argument to the GetEntryPointForThread method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.

Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted EMF file associated with a StarOffice/StarSuite document.

pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read.

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. NOTE: some of these details are obtained from third party information.

The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL.

Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.

Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server 1.8 and earlier allows remote attackers to read arbitrary files via unknown vectors.

Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document.

Stack-based buffer overflow in Adobe PageMaker 7.0.1 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure, a different vulnerability than CVE-2007-5169.

Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port.

Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file.

tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to “admin.”

The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.

SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.

The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors.

The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.

The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read “files attached to content” via unknown vectors.

SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.