| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| BaSoMail 1.24 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections to TCP port (1) 25 (SMTP) or (2) 110 (POP3). |
| Application Access Server (A-A-S) 1.0.37 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long file request. |
| Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) tms[0] or (2) url parameters. |
| Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment. |
| Directory traversal vulnerability in sample_showcode.html in Caravan 2.00/03d and earlier allows remote attackers to read arbitrary files via the fname parameter. |
| Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page. |
| EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack. |
| PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter. |
| account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page. |
| Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text. |
| rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks. |
| Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via via the message text. |
| The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection. |
| Ansel 1.2 through 2.0 uses insecure default permissions, which allows remote attackers to gain access to web readable directories. |
| Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. |
| SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allows remote attackers to execute arbitrary SQL commands via the forum_id parameter. |
| RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges. |
| SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter. |
| Directory traversal vulnerability in index.php in FsPHPGallery before 1.2 allows remote attackers to list arbitrary directories via the dir parameter. |
