| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg. |
| The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (MySQL database credentials) via a direct request. |
| Directory traversal vulnerability in Tiny Server 1.1 allows remote attackers to read or download arbitrary files via a .. (dot dot) in the URL. |
| The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. |
| Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value. |
| The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers. |
| Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file variable. |
| Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo review allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. |
| Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter. |
| Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages. |
| SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. |
| SQL injection vulnerability in index.php in Zina 0.12.07 and earlier allows remote attackers to execute arbitrary SQL commands via the p parameter. |
| Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl. |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module. |
| Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php. |
| index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to obtain the full path via (1) _a and (2) newsid parameters in the news module, (3) downloaditemid parameter in the downloads module, and (4) kbarticleid parameter in the knowledgebase module. |
| simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter. |
| SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows remote attackers to execute arbitrary SQL commands via the (1) sortdir or (2) criteria parameter to ladder-log.asp or the (3) memberid or (4) teamid parameter to view-profile.asp. |
| Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability." |
| Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing. |
