| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows remote attackers to inject arbitrary web script or HTML via the referer (HTTP_REFERER), which is not sanitized when the log file is viewed by the administrator using "Click Log". |
| The scripting engine in Internet Explorer allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary code via a web page that contains a recurrent call to an infinite loop in Javascript or VBscript, which consumes the stack, as demonstrated by resetting the "location" variable within the loop. |
| Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field. |
| The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths. |
| Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable. |
| SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter. |
| Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on Solaris 8 without the IV00038969 hotfix allows remote attackers to read arbitrary files via a crafted URL. |
| filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value. |
| Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames. |
| Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter. |
| POPFile before 0.22.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving character sets within e-mail messages. |
| Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to index.php. |
| Directory traversal vulnerability in include.php in Noah's Classifieds 1.3 allows remote attackers to include arbitrary local files via the otherTemplate parameter to index.php. |
| Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter. |
| Heap-based buffer overflow in the demo version of Bakbone Netvault, and possibly other versions, allows remote attackers to execute arbitrary commands via a large packet to port 20031. |
| NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities. |
| NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to (1) the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and (2) the tmp directory, which lists names of uploaded attachments. |
| NOCC Webmail 1.0 allows remote attackers to obtain the installation path via a direct request to html/header.php. |
| Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. |
| Oreka before 0.5 allows remote attackers to cause a denial of service (application crash) via a "certain RTP sequence." |
