| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability. |
| The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability. |
| The device driver for Intel-based gigabit network adapters in Cisco Intrusion Prevention System (IPS) 5.1(1) through 5.1(p1), as installed on various Cisco Intrusion Prevention System 42xx appliances, allows remote attackers to cause a denial of service (kernel panic and possibly network outage) via a crafted IP packet. |
| Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object. |
| Unspecified vulnerability in JD Edwards HTML Server for Oracle OneWorld Tools EnterpriseOne Tools 8.95 and 8.96 has unknown impact and attack vectors, aka Oracle Vuln# JDE01. |
| Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. |
| Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled. |
| Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher Webdesign hwdeGUEST 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the "name input" field in new_entry.php. |
| Buffer overflow in the preview_create function in gui.cpp in Mitch Murray Eremove 1.4 allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a large email attachment. |
| Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php. |
| Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). |
| votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter. |
| ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb. |
| newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php. |
| SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval() call, but since the username originated from the SQL injection, it could be a resultant issue. |
| SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php. |
| Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. |
| POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system. |
| Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form. |
| PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows remote attackers to execute arbitrary PHP code via a URL in the (1) ipath parameter in common.php and (2) unspecified vectors in ad.php. |
