| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory. |
| Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. |
| CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is enabled, allows remote attackers to cause a denial of service (possibly CPU consumption) via a SYN flood with malformed TCP packets from multiple connections. |
| Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new messages." |
| SQL injection vulnerability in showflat.php in Groupee (formerly known as Infopop) UBB.threads 6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Number parameter. |
| Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable. |
| Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint. |
| MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code. |
| server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a string containing a large number of characters that are escaped when Monopd produces XML output. |
| SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB05 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260. However, there are some inconsistencies that make this unclear, and there is also a possibility that this is related to DB06, which is subsumed by CVE-2006-0259. |
| Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query. |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions. |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long. |
| Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file. |
| Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. |
| Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes". |
| The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. |
| Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information. |
| Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain Shoutbox 2005.07.21 allow remote attackers to inject arbitrary web script or HTML, possibly via the (1) Handle or (2) Message fields. |
| Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter. |
