| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function. |
| PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code. |
| Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag. |
| Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php. |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters. |
| Directory traversal vulnerability in Accipiter Direct Server 6.0 allows remote attackers to read arbitrary files via encoded \.. (backslash .., "%5c%2e%2e") sequences in an HTTP request. |
| PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script. |
| Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949. |
| The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service. |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface. |
| NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft. |
| Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact. |
| Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code. |
| SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUnews 1.1, and (8) DUpaypal 3.1 and DUpaypal Pro 3.0, allows remote attackers to execute arbitrary SQL commands via the iType parameter. |
| Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553 allows remote attackers to inject web script or HTML via the REQ parameter to the search module. |
| Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition 1.0.1, Professional Edition 1.5.1, Standard Edition 1.9.6.3, and Free Edition 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter in (a) ViewCat.php and (b) gallery.php, and the (2) ItemNum parameter in (c) ViewItem.php. |
| SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter. |
| NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE |
| Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php, (5) application_bottom.php, (6) attributes_preview.php, (7) modules/category_product_listing.php, (8) modules/copy_to_confirm.php, (9) modules/delete_product_confirm.php, and (10) modules/move_product_confirm.php, which leaks the web server path in the resulting error message. |
| Cross-site scripting (XSS) vulnerability in search.asp in Solupress News 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. |
