| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (crash) by uploading or creating a large number of files or directories, then performing a LIST command. |
| Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause a denial of service and possibly execute arbitrary code via unspecified FTP server responses. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors. |
| VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password. |
| myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information. |
| Cross-site request forgery (CSRF) vulnerability in user.php in Simplog 0.9.3.2, and possibly earlier, allows remote attackers to hijack the authentication of administrators and users for requests that change passwords. |
| The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. |
| Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php. |
| Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to "emergency mode." |
| SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action. |
| Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to index.php. |
| Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable. |
| Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie. |
| CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. |
| Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Console before 0.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "internal pages." |
| Unspecified vulnerability in GreenSQL-Console before 0.3.5 allows attackers to obtain the "installation directory" via unknown vectors. |
| Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Help Errors log. |
| The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) via a crafted IOCTL request to \Device\DLPTokenWalter0. |
| ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, allows remote attackers to cause a denial of service (crash) via a SIP INVITE request with an empty Call-Info header. |
| Cross-site scripting (XSS) vulnerability in the Additional Report Settings interface in ESET Remote Administrator before 3.0.105 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. |
