| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file. |
| nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file. |
| Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients. |
| The ping utility in networking_utils.php in Sourcecraft Networking_Utils 1.0 allows remote attackers to read arbitrary files via shell metacharacters in the Domain name or IP address argument. |
| Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges. |
| index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter. |
| SnortCenter 0.9.5, when configured to push Snort rules, stores the rules in a temporary file with world-readable and world-writable permissions, which allows local users to obtain usernames and passwords for the alert database servers. |
| Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites). |
| Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user. |
| Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir. |
| RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .mp3 files. |
| Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length. |
| wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file. |
| Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi. |
| The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote attackers to cause a denial of service or reconfigure the router. |
| service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service argument. |
| Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows remote attackers to execute arbitrary code via a long login name, which is not properly handled by the logging utility. |
| Phorum 3.3.2 allows remote attackers to determine the email addresses of the 10 most active users via a direct HTTP request to the stats.php program, which does not require authentication. |
| Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows remote attackers to inject arbitrary web script or HTML via an HTML link. |
| Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter. |