| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php. |
| Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier allows remote attackers to read arbitrary files via Unicode characters. |
| Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when configured for access from 0.0.0.0, allows local users to gain privileges via unspecified vectors. |
| Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers to execute arbitrary code via a long CD (CWD) command. |
| SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267. |
| Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports. |
| Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. NOTE: this issue might overlap vector 3 in CVE-2006-3358. |
| Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets. |
| surfCONTROL SuperScout does not properly asign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions. |
| Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack. |
| The Check It Out shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL. |
| The @Retail shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| The CartIt shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters. |
| Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections. |
| SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter. |
| The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions. |
| Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive. |
| Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eShop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the subid parameter. |
