| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Gene6 FTP Server does not properly restrict access to the control console, which allows local users to modify the server configuration and gain privileges, as demonstrated by defining a SITE command. |
| Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password. |
| Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous. |
| Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request. |
| Heap-based buffer overflow in the ISO Transport Service over TCP (RFC 1006) implementation of LiveData ICCP Server before 5.00.035 allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets. |
| PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter. |
| Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 allows remote attackers to execute arbitrary code via crafted ABC files. |
| Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers to execute arbitrary code via a crafted calendar file. |
| Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attackers to execute arbitrary code via a crafted Excel (XLS) file. |
| Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output. |
| A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary programs. |
| OpenTTD 0.4.7 and earlier allows local users to cause a denial of service (application exit) via a large invalid error number, which triggers an error. |
| Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote attackers to execute arbitrary commands via unknown attack vectors. |
| Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods 0.9 allows remote attackers to inject arbitrary web script or HTML via the kwd parameter. |
| Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request. |
| Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector. |
| NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries. |
| The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files. |
| ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames. |
