| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| McAfee Internet Security Suite 2005 uses insecure default ACLs for installed files, which allows local users to gain privileges or disable protection by modifying certain files. |
| The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request. |
| Stack-based buffer overflow in the RespondeHTTPPendiente function in the HTTP server for SUMUS 0.2.2 allows remote attackers to execute arbitrary code via a large packet sent to TCP port 81. |
| Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. |
| IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine. |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php. |
| Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters. |
| Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php. |
| Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. |
| Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter. |
| Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files. |
| Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail (1) body, (2) filename, or (3) MIME type. |
| Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL. |
| Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error"). |
| Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service (memory corruption) via a request for a zero byte file. |
| Unknown vulnerability in the libgss Generic Security Services Library in Solaris 7, 8, and 9 allows local users to gain privileges by loading their own GSS-API. |
| Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed. |
| Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey. |
| Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries. |
| Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart allows remote attackers to inject arbitrary web script or HTML via the pg parameter. |
