| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| phpRank 1.8 does not properly check the return codes for MySQL operations when authenticating users, which could allow remote attackers to authenticate using a NULL password when database errors occur or if the database is unavailable. |
| Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command. |
| PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php. |
| Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order. |
| OpenTTD 0.4.7 and earlier allows local users to cause a denial of service (application exit) via a large invalid error number, which triggers an error. |
| Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output. |
| A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary programs. |
| Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote attackers to execute arbitrary commands via unknown attack vectors. |
| Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods 0.9 allows remote attackers to inject arbitrary web script or HTML via the kwd parameter. |
| Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector. |
| Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request. |
| Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the (1) username or (2) password fields. |
| The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files. |
| NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries. |
| ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames. |
| Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by some sources, but that is just one attack; the primary vulnerability is eval injection. |
| Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote attackers to execute arbitrary code via long strings to certain commands sent to the file transfer port. |
| Directory traversal vulnerability in magiccard.cgi in My Postcards Platinum 5.0 and 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. |
| PHP remote file inclusion vulnerability in movie_cls.php in Built2Go PHP Movie Review 2B and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path parameter. |
