| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP GET request. |
| Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings. |
| The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a denial of service (hang) in inetd via port scanning. |
| Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows attackers to cause a denial of service (memory consumption). |
| Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module. |
| The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs with malicious code. |
| The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file. |
| Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file. |
| Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges. |
| Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter 1.05, and Serious Sam: the Second Encounter 1.05 allow remote attackers to cause a denial of service (crash or freeze) via a TCP packet with an invalid first parameter. |
| Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter. |
| Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file. |
| Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name. |
| Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page. |
| WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?"). |
| byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files and directories via a direct request to files.inc.php. |
| MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus protection via a mail message with a malformed zip attachment, as exploited by certain MIMAIL virus variants. |
| X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrite arbitrary files via a symlink attack on an unknown file. |
| Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program. |
