| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments. |
| Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 allows remote attackers to execute arbitrary code via a long URL (PATH_INFO value). |
| Directory traversal vulnerability in session.php in JSBoard 2.0.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the table parameter. |
| Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via (1) a "bubba" local user account, (2) an open TCP port 34571, or (3) when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network. |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) mod.php in Exponent 0.95 allow remote attackers to inject arbitrary web script or HTML via the module parameter. |
| Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model. |
| Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource. |
| WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability. |
| Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument. |
| The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning. |
| WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions. |
| The Sabserv client component in Sabre Desktop Reservation Software 4.2 through 4.4 allows remote attackers to cause a denial of service via malformed input to TCP port 1001. |
| useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter. |
| ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb. |
| Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files. |
| Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API. |
| The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets. |
| CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request. |
| Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication. |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters. |