| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks. |
| Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command. |
| SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter. |
| Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename. |
| Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab. |
| vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant. |
| Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions. |
| SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie. |
| efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error. |
| SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter. |
| Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via the album name. |
| DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request. |
| Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache. |
| The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument. |
| Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow. |
| Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter. |
| Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file. |
| Microsoft Windows XP Explorer allows attackers to execute arbitrary code via a HTML and script in a self-executing folder that references an executable file within the folder, which is automatically executed when a user accesses the folder. |
| Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script. |
| Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service (application crash) via a long STATUS command to the IMAP server. |
