| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. |
| Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar. |
| upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code. |
| Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver 2.x allows remote attackers to inject arbitrary web script or HTML via the module parameter. |
| contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to read arbitrary files via the language field without a source field set. |
| Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 allows remote attackers to execute arbitrary code via a .flp file that contains a long path to a (1) .mid or (2) .wav file. |
| Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) type and (2) count parameters, and (3) the query string in a story. |
| index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users. |
| Multiple cross-site scripting (XSS) vulnerabilities in demo.php in BeatificFaith Eprayer Alpha allow remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the (1) "Your name" field and (2) "Enter Prayer Request here" field. |
| Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder. |
| Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites 1.3 allow remote attackers to execute arbitrary SQL commands via multiple vectors including the username parameter. |
| Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet. |
| Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archive_Zip allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a ZIP archive. |
| Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a url XCode tag in a posted message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz. |
| PHP remote file inclusion vulnerability in index.php in one or more ActiveCampaign products, possibly SupportTrio, allows remote attackers to include and execute arbitrary files via the page parameter. |
| Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session. |
| Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a denial of service by sending crafted LDAP packets to port 389/TCP, as demonstrated by the ProtoVer LDAP testsuite. |
| Multiple unspecified vulnerabilities in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allow remote attackers to bypass authentication or gain "unauthorized network access" via unknown attack vectors. |
| Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow. |
