| CVE | Vendors | Products | Updated | CVSS v3.1 |
| HP-UX vgdisplay program gives root access to local users. |
| Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php. |
| Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to /admin/view.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages. |
| SSH 1.2.25 on HP-UX allows access to new user accounts. |
| Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php. |
| AAA authentication on Cisco systems allows attackers to execute commands without authorization. |
| A router or firewall allows source routed packets from arbitrary hosts. |
| SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack. |
| Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors. |
| Buffer overflow in FreeBSD lpd through long DNS hostnames. |
| nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers. |
| Linux ftpwatch program allows local users to gain root privileges. |
| Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pagetitle or (2) error parameters, or (3) certain parameters in the error log. |
| Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. |
| The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges. |
| mmap function in BSD allows local attackers in the kmem group to modify memory through devices. |
| HP ypbind allows attackers with root privileges to modify NIS data. |
| disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. |