| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. |
| Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences. |
| Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location. |
| Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to inject arbitrary web script or HTML via (1) the judul_artikel parameter in teman.php and (2) the title of an article sent to admin, which is displayed when unauthenticated users visit index.php. |
| Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka "Windows Metafile Vulnerability." |
| Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file. |
| SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php. |
| Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request. |
| AIX nslookup command allows local users to obtain root access by not dropping privileges correctly. |
| Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchword parameter to search.php or (2) siteurl parameter to add.php. |
| Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters. |
| Buffer overflow in AIX dtterm program for the CDE. |
| AIX passwd allows local users to gain root access. |
| PowerNet IX allows remote attackers to cause a denial of service via a port scan. |
| Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. |
| Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access. |
| The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands. |
| The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack. |
| The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access. |
| Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'. |
