| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie. |
| ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments, which leak the pathname in an error message. |
| Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses. |
| Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, related to insecure open() calls. |
| Watchguard SOHO firewall before 5.0.35 allows remote attackers to cause a denial of service (crash and reboot) when SOHO forwards a packet with bad IP options. |
| Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter. |
| Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax. |
| Anthill allows remote attackers to bypass authentication and file bug reports by directly accessing the postbug.php program instead of enterbug.php. |
| Cross-site scripting vulnerabilities in Anthill allow remote attackers to execute script as other Anthill users. |
| Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary code via shell metacharacters in the gbdaten parameter. |
| Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code in clients who access guestbook pages via the parameters (1) name, (2) mail, or (3) kommentar. |
| Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long argument in the /yell command, (2) long lines in the /etc/melange.conf configuration file, (3) long file names, or possibly other attacks. |
| Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration. |
| webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request. |
| IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it. |
| Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters. |
| PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns. |
| The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa. |
| FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files. |
| PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials. |
