| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter. |
| Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter. |
| ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering. |
| Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php. |
| HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler. |
| Denial of service in WinGate proxy through a buffer overflow in POP3. |
| Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status |
| GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption). |
| SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. |
| Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 allows remote attackers to mount from unprivileged ports even with the -n option disabled. |
| Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log directory under the web root with insufficient access control, which allows remote attackers to obtain sensitive information including an SMTP account username and password hash, the server configuration, and server log files. |
| Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php. |
| Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options. |
| A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares. |
| SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc. |
| Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed. |
| Eupla Foros 1.0 stores the inc/config.inc file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. |
| There is a one-way or two-way trust relationship between Windows NT domains. |
| Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via the "search string". |
| Buffer overflow in Seunghyun Seo's MSN666 MSN Sniffer 1.0 and 1.0.1 allows remote attackers to execute arbitrary code via a long MSN packet. |