| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator. |
| Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag. |
| Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter. |
| Cross-site scripting (XSS) vulnerability in CPSearch.asp in XcClassified 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameters. |
| Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request. |
| Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code. |
| Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to execute arbitrary code via (1) a long DNS hostname that is determined using reverse DNS lookups, (2) a long AUTH string, or (3) certain data in the xtell request. |
| Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long HTTP GET request. |
| Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label. |
| PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via multiple connection attempts with a \ (backslash) in the username. |
| SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the forum parameter. |
| The Bat! 1.53d and 1.54beta, and possibly other versions, allows remote attackers to cause a denial of service (crash) via an attachment whose name includes an MS-DOS device name. |
| Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp. |
| Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges. |
| Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command. |
| Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in search_forums.cfm, as used in the "Search For:" field. |
| xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allows remote attackers to call dangerous RPC functions, including those that can mount or unmount xfs file systems, to gain root privileges. |
| Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." |
| Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php. |
| Multiple unknown vulnerabilities in the ActiveX and HTML file browsers in Symantec Clientless VPN Gateway 4400 Series 5.0 have unknown attack vectors and unknown impact. |