Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.

Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne FlexGrid 7.1 Light allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long string in the (1) Text, (2) EditSelText, (3) EditText, and (4) CellFontName property values.

PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.

Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data.

Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure.

Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file.

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.

The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes the unsafe Save method, which allows remote attackers to cause a denial of service (browser crash), or create or overwrite arbitrary files, via string values of the (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, and (19) _MonthText11 properties. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control.

Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, or (19) _MonthText11 property value when executing the Save method. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control.

Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.

SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t_dedupe parameter.

Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the artnr parameter (aka the search section). NOTE: some of these details are obtained from third party information.

Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933.

Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. NOTE: the PSP and LHA vectors are already covered by CVE-2007-4344 and CVE-2007-6007. NOTE: these might be integer overflows rather than buffer overflows.

Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type header line in an EML file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted PSP image that triggers a heap-based buffer overflow.