Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6)...
8.5AI Score
0.006EPSS
Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens...
9.2AI Score
0.006EPSS
Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage...
9.3AI Score
0.006EPSS
Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5)...
9.2AI Score
0.005EPSS
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a...
6AI Score
0.001EPSS
The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain...
6.4AI Score
0.0004EPSS
The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization...
6.1AI Score
0.0004EPSS
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other...
7.3AI Score
0.103EPSS
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP...
9.6AI Score
0.022EPSS
Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and...
7.6AI Score
0.003EPSS
Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field.....
7.7AI Score
0.018EPSS
Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer...
8.1AI Score
0.007EPSS
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with....
7.8AI Score
0.005EPSS
Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website...
8.5AI Score
0.002EPSS
X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service (infinite loop) by (1) repeatedly sending a 550 error response, or (2) sending a 550 error response and....
6.7AI Score
0.006EPSS
Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup...
7.3AI Score
0.002EPSS
Multiple directory traversal vulnerabilities in Unreal Commander 0.92 build 565 and 573 allow user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) ZIP or (2) RAR...
7AI Score
0.005EPSS
Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite....
6.5AI Score
0.004EPSS
Unreal Commander 0.92 build 565 and 573 writes portions of heap memory into local files when extracting from an archive with malformed size information in a file header, which might allow user-assisted attackers to obtain sensitive information (memory contents) by reading the extracted files. ...
5.9AI Score
0.003EPSS
Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long...
8.1AI Score
0.918EPSS
Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer...
7.2AI Score
0.232EPSS
Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory...
7.3AI Score
0.243EPSS
SQL injection vulnerability in devami.asp in X-Ice News System 1.0 allows remote attackers to execute arbitrary SQL commands via the id...
8.3AI Score
0.003EPSS
Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from, and (3) q parameters, different vectors than CVE-2007-0569. NOTE: The provenance of this...
8.1AI Score
0.006EPSS
SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews...
8.2AI Score
0.006EPSS
PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir...
7.5AI Score
0.066EPSS
SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party...
8.4AI Score
0.003EPSS
SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password...
8.9AI Score
0.008EPSS
SQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP...
8.8AI Score
0.009EPSS
X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access...
7.7AI Score
0.034EPSS
Multiple cross-site scripting (XSS) vulnerabilities in links.php in PHP Linkliste 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) new_input, (2) new_url, or (3) new_name...
5.9AI Score
0.008EPSS
Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) Zdaemon 1.08.01 and (2) X-Doom allows remote attackers to execute arbitrary code via a long filename...
7.9AI Score
0.12EPSS
The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLevel functions in sv_main.cpp for (a) Zdaemon 1.08.01 and (b) X-Doom allows remote attackers to cause a denial of service (crash) via an invalid player slot or item number, which causes an invalid memory access, possibly due to an.....
6.8AI Score
0.223EPSS
Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive information via (1) a 1 in the perm parameter to deletethread.php or a direct request to (2) ban.php, (3) addnews.php, (4) banned.php, (5) boardstats.php, (6) adminform.php, (7) /forms/admininfo.php, (8)...
6.2AI Score
0.005EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X (GBX) 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the board_id parameter to deletethread.php or (2) the...
5.8AI Score
0.003EPSS
Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css...
7.8AI Score
0.036EPSS
SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the login...
8.6AI Score
0.002EPSS
X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" username and password, which could allow remote attackers to gain...
7.3AI Score
0.012EPSS
X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 has a hardcoded "super" username and password, which could allow remote attackers to gain...
6.9AI Score
0.009EPSS
X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrite arbitrary files via a symlink attack on an unknown...
6.7AI Score
0.0004EPSS
Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog...
7.9AI Score
0.038EPSS