| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. |
| Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643. |
| Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter. |
| Buffer overflow in pi program in PlanetIntra 2.5 allows remote attackers to execute arbitrary commands. |
| PALS Library System pals-cgi program allows remote attackers to execute arbitrary commands via shell metacharacters in the documentName parameter. |
| Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys. |
| Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via a .. in the "t" parameter. |
| Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service. |
| newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via shell metacharacters. |
| webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack. |
| Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter. |
| fortran math component in Infobot 0.44.5.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. |
| The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address. |
| viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path in an error message when a file can not be opened. |
| everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. |
| Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. |
| Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type. |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. |
| The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room login or a room join request packet with a third : (colon) and an & (ampersand), which causes Messenger to send a corrupted packet to the server, which triggers a disconnect from the server. |
| Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing. |
