| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 allow remote attackers to inject arbitrary web script or HTML via the q parameter in forgot.php, which is echoed in an error message, and other unspecified vectors. |
| The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL. |
| jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations. |
| Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line. |
| Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure. |
| IRC client irssi in irssi-text before 0.8.4 allows remote attackers to cause a denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow. |
| Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used. |
| Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial of service (crash) via an attack that modifies internal data. |
| Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code. |
| Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u_a or (2) u_s parameters. NOTE: this might be resultant from SQL injection. |
| Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users to access restricted files. |
| dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script. |
| SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter. |
| Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function. |
| Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long HTTP request to TCP port 6588 or (2) a SOCKS 4A request to TCP port 1080 with a long DNS hostname. |
| PHP remote file inclusion vulnerability in includes/common.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. |
| ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to cause a denial of service (CPU consumption) by forwarding the email to the user while autoresponse is enabled, which creates an infinite loop. |
| SQL injection vulnerability in comment.php in Pineapple Technologies Lore 1.5.6 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter. |
| Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior." |
| Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters. |
