| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter. |
| Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header. |
| Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary web script or HTML via e-mail data in a message. |
| Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address. |
| Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file. |
| Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument. |
| Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function. |
| Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which prevents the server from accepting valid PASV. |
| Etype Eserv 2.97 allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command. |
| fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters. |
| Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension. |
| lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments. |
| Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information. |
| tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files. |
| KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message. |
| Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities. |
| Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
| Unknown vulnerability in common-lisp-controller 4.18 and earlier allows local users to gain privileges by compiling arbitrary code in the cache directory, which is executed by another user if the user has not run Common Lisp before. |
| Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 allows remote attackers to inject arbitrary web script or HTML via the "remote URL." |
| SQL injection vulnerability in index.php of the report module in ibProArcade 2.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. |
