| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page. |
| oftpd 0.3.7 allows remote attackers to cause a denial of service via a USER command with a large number of null (\0) characters. |
| Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges. |
| Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possible gain privileges via a symbolic link attack on temporary files. |
| The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473. |
| Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument. |
| Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to execute arbitrary code via a long HTTP GET request with a large number of subdirectories. |
| Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable. |
| klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file. |
| The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter. |
| Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in SMTP requests. |
| SQL injection vulnerability in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to blog.php. |
| Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL with an IP address instead of a hostname. |
| CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message. |
| IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets. |
| Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files. |
| Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php. |
| SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary SQL commands via the sug parameter. |
| Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject. |
| Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument. |
