| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename. |
| asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values. |
| Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field. |
| SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges. |
| Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities. |
| The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile. |
| Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via ".." sequences terminated by a %00 (null) character in the n parameter. |
| Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable. |
| SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server. |
| Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag. |
| Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. |
| ControlIT 4.5 and earlier (aka Remotely Possible) has weak password encryption. |
| SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise. |
| Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities. |
| cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi. |
| Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. |
| XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set. |
| The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe. |
| The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter. |
| Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI. |
