| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat. |
| Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers. |
| Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder 1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the selectedpage parameter. |
| PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web server that contains the code. |
| VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems. |
| Blubster 2.5 allows remote attackers to cause a denial of service (crash) via a flood of connections to UDP port 701. |
| Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled. |
| Escapade Scripting Engine (ESP) allows remote attackers to obtain sensitive path information via a malformed request, which leaks the information in an error message, as demonstrated using the PAGE parameter. |
| Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages. |
| Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field. |
| Watchguard Firebox II allows remote attackers to cause a denial of service by establishing multiple connections and sending malformed PPTP packets. |
| The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value. |
| Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL. |
| Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows remote attackers to read arbitrary files by inserting a .. (dot dot) or ... into the requested pathname of an HTTP GET request. |
| Multiple heap-based buffer overflows in FTP Desktop client 3.5, and possibly earlier versions, allow remote malicious servers to execute arbitrary code via (1) a long FTP banner, (2) a long response to a USER command, or (3) a long response to a PASS command. |
| Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter. |
| MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the mfaslmf directory and the nolicense file with insecure permissions, which allows local users to gain privileges by modifying files. |
| FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//). |
| Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter. |
| Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value. |
