| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments. |
| KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message. |
| Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information. |
| Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities. |
| Unknown vulnerability in common-lisp-controller 4.18 and earlier allows local users to gain privileges by compiling arbitrary code in the cache directory, which is executed by another user if the user has not run Common Lisp before. |
| Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
| Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 allows remote attackers to inject arbitrary web script or HTML via the "remote URL." |
| Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 and earlier might allow remote NNTP servers to execute arbitrary code via a date with a long month. |
| SQL injection vulnerability in index.php of the report module in ibProArcade 2.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. |
| SQL injection vulnerability in FileLister 0.51 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameters, possibly the searchwhat parameter to definesearch.jsp. |
| SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML. |
| URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&). |
| Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login. |
| SQL injection vulnerability in ad_click.asp for PortalApp allows remote attackers to execute arbitrary SQL commands via the banner_id parameter. |
| Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the page parameter. |
| SQL injection vulnerability in verify.asp in Asp-rider allows remote attackers to execute arbitrary SQL statements and bypass authentication via the username parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the (1) find parameter to index.php, (2) name or (3) message field of a chat request, or (4) the message body when opening a trouble ticket. |
| Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags. |
| Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash). |
| The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges. |
