| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalendar before 6.2.8 allows remote attackers to inject arbitrary web script or HTML via the yr parameter. |
| popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to obtain sensitive information via an invalid ev parameter, which reveals the full pathname of the web server in a PHP error message. |
| SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password parameter. |
| calendar.pl in CalendarScript 3.20 allows remote attackers to obtain sensitive information via invalid (1) calendar or (2) template parameters, which leaks the full pathname and debug information. |
| Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option. |
| Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1." |
| SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory. |
| Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information. |
| The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated. |
| HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter. |
| Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter. |
| WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a denial of service via a long chat name, which takes up too much display space and prevents the chat frame from being properly rendered. |
| Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module. |
| Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter. |
| Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. |
| Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236. |
| Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description. |
| Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. |
| Directory traversal vulnerability in the third party tool from Castlehill, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. |
