| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod. |
| Trend ScanMail allows remote attackers to obtain potentially sensitive information or disable the anti-virus capability via the smency.nsf file. |
| PHP remote file inclusion vulnerability in authent.php4 in Nicolas Fischer (aka NFec) RechnungsZentrale V2 1.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 allow remote attackers to inject arbitrary HTML and web script via certain error messages. |
| Multiple SQL injection vulnerabilities in userscript.php in Green Minute 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) huserid, (2) pituus, or (3) date parameters. NOTE: this issue has been disputed by the vendor, saying "those parameters mentioned ARE checked (preg_match) before they are used in SQL-query... If someone decided to add SQL-injection stuff to certain parameter, they would see an error text, but only because _nothing_ was passed inside that parameter (to MySQL-database)." As allowed by the vendor, CVE investigated this report on 20060525 and found that the demo site demonstrated a non-sensitive SQL error when given standard SQL injection manipulations |
| Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector. |
| Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory. |
| Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addlink_lwp.cgi and the (2) id, (3) forgotid, and (4) forgotpass parameters in edit.cgi. |
| SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php. |
| Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi. |
| Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi. |
| Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U. |
| Cross-site scripting (XSS) vulnerability in search/search.cgi in an unspecified KCScripts script, probably Search Engine or Site Search, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
| Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary commands via the (1) tar (TARGET) or (2) zielport (ZIELPORT) parameters. |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script. |
| Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges. |
| Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ContentBoxX allows remote attackers to inject arbitrary web script or HTML via the action parameter. |
| Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut EasyGallery allows remote attackers to inject arbitrary web script or HTML via the ordner parameter. |
| Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web MWGuest 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter. |
| Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter. |
