| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in queue.c in a support script for sympa 3.3.3, when running setuid, allows local users to execute arbitrary code. |
| Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. |
| The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of "." (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method. |
| The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message. |
| X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 has a hardcoded "super" username and password, which could allow remote attackers to gain access. |
| Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors. |
| censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. |
| PHP remote file inclusion vulnerability in stat_modules/users_age/module.php in Minerva 2.0.8a Build 237 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code. |
| Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters. |
| PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter. |
| The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow. |
| Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file. |
| Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default view. |
| The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet. |
| Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. |
| X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" username and password, which could allow remote attackers to gain access. |
| Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote attackers to execute arbitrary code via a long GET request. |
| The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames. |
| Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string. |
