| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unknown vulnerability in FlexCast Audio Video Streaming Server before 2.0 has unknown impact and attack vectors. |
| The passthrough functionality in phpThumb.php in phpThumb() before 1.5.4 allows remote attackers to read files that are not images. |
| Rakkarsoft RakNet network library 2.33 and earlier, when released before 30 May 2005, and as used in multiple products including nFusion Elite Warriors: Vietnam, allows remote attackers to cause a denial of service (infinite loop) via a zero-byte UDP packet. |
| Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form. |
| Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book 1.0 allows remote attackers to inject arbitrary web script or HTML via the g_message parameter. |
| Cross-site scripting (XSS) vulnerability in searchresult.php in Meeting Reserve 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the search_term parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to (1) cause a denial of service via a long nickname or teamname to the SV_SetupUserInfo function or (2) execute arbitrary code via a long string sent when joining a match or a long chat message to the SV_BroadcastPrintf function. |
| Unknown vulnerability in the web server for the ESS/ Network Controller for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier allows attackers to "gain unauthorized access." |
| Multiple SQL injection vulnerabilities in Loki download manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) password field to default.asp or (2) cat parameter to catinfo.asp. |
| Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action. |
| jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute arbitrary commands via shell metacharacters in the mail parameter. |
| The getemails function in C.J. Steele Tattle allows remote attackers to execute arbitrary commands via shell metacharacters in certain log entries, as demonstrated using shell metacharacters in an FTP username. |
| Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the id parameter to the (1) upload or (2) attachment scripts. |
| Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp. |
| Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null). |
| Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via (1) a packet with no data or (2) a large packet, which prevents Vavoom from discarding the packet from the socket. |
| Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp. |
| Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (application crash) via an invalid comprLength value in a compressed packet. |
| Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other products, allows remote attackers to execute arbitrary code via a long ViRobot_ID cookie (HTTP_COOKIE). |
