| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses. |
| pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack. |
| Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans in a known location C:\Documents and Settings\username\SecurityScans in plaintext, which could allow remote attackers to obtain sensitive information about the system via malicious active content such as ActiveX controls or Java. |
| Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function. |
| FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. |
| Buffer overflows in mpg321 before 0.2.9 allows local and possibly remote attackers to execute arbitrary code via a long URL to (1) a command line option, (2) an HTTP request, or (3) an FTP request. |
| Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| Vulnerability in Access_user Class before 1.75 allows local users to gain access as other users via the password "new". |
| Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline. |
| Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter. |
| Delete or create a file via rpc.statd, due to invalid information. |
| Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1. |
| Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. |
| Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user. |
| DNS cache poisoning via BIND, by predictable query IDs. |
| root privileges via buffer overflow in pset command on SGI IRIX systems. |
| Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument. |
| Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument. |
| Dino's Webserver 1.2 allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via several large HTTP requests within a short time. |
| The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session. |
