| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the ticker title of a URI. |
| Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter. |
| Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP Script 1.5.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
| Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server. |
| The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. |
| Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers. |
| The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address. |
| The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions. |
| The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. |
| ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block. |
| Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets. |
| EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list arbitrary directories via an HTTP request for a directory that ends in a "." (trailing dot). |
| Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server. |
| eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file. |
| Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may allow remote attackers to cause a denial of service or execute arbitrary code. |
| Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp. |
| Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive. |
| Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function. |
| Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp. |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template. |
