| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors. |
| Splatt Forum 3.0 to 3.2 allows remote attackers to bypass authentication via unknown vectors. |
| ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap. |
| Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name (4) Author e-mail address, (5) File size, (6) Version, or (7) Home page variables. |
| Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook 1.0, 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message. |
| Einstein 1.0.1 stores sensitive information such as usernames and passwords in plaintext in the registry, which allows local users to gain privileges. |
| Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. |
| reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords. |
| Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum. |
| Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files. |
| Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script. |
| reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive information such as smtpuser and smtppasswd. |
| Stack-based buffer overflow in the UnixAppOpenFilePerform function in Adobe Reader 5.0.9 and 5.0.10 for Unix allows remote attackers to execute arbitrary code via a PDF document with a long /Filespec tag. |
| The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in. |
| sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter. |
| Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file. |
| Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER command. |
| apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. |
| Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare. |
| rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly allow access to anonymous clients that connect from a system whose hostname can not be determined. NOTE: while this issue occurs in a security mechanism, there is no apparent attacker role and probably does not satisfy the CVE definition of a vulnerability. |