| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unknown vulnerability in hztty 2.0 and earlier allows local users to execute arbitrary commands. |
| ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl. |
| SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters. |
| The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php. |
| SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter. |
| Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages. |
| Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a long Basic Authorization header that triggers an out-of-bounds read. |
| Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php. |
| The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier allows remote attackers to cause a denial of service (crash) via a Basic Authorization HTTP request with a "A==" value. |
| Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields. |
| Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences. |
| Orenosv 0.5.9f allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. |
| Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename. |
| MiniShare 1.3.2 allows remote attackers to cause a denial of service (crash) via a malformed HTTP GET or HEAD request without the proper number of trailing CRLF sequences. |
| SQL injection vulnerability in the art_print function in print.inc.php in unknown versions of jPortal before 2.3.1 allows remote attackers to inject arbitrary SQL commands via the id parameter. |
| Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long CWD command, as demonstrated in one example by using the "cd" command in an interactive FTP client. |
| Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php, (2) header.php or (3) auth.inc.php. |
| Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors. |
| e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message. |
| Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php. |
