| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Directory traversal vulnerability in includer.cgi in The Includer allows remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) a full pathname in the URL. |
| Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter. |
| Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. |
| NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack. |
| SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL. |
| The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs. |
| Code Ocean FTP server 1.0 allows remote attackers to cause a denial of service via a large number of connections. |
| Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0.2 may allow attackers to cause a denial of service and execute arbitrary code via unknown vectors. |
| Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 allows remote attackers to cause a denial of service via unknown vectors. |
| Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem. |
| Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges. |
| Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites. |
| Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters. |
| The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start. |
| Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name. |
| Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file. |
| ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usernames and passwords in cleartext in the MyDetails.txt file, which allows local users to gain privileges. |
| Buffer overflow in LTris before 1.0.10 allows local users to execute arbitrary code via a crafted highscores file. |
| OllyDbg 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a dynamic link library (DLL) with a long filename. |
| Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message. |
