| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges. |
| The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. |
| PDFdirectory before 1.0 stores sensitive data in plaintext, which allows remote attackers to obtain arbitrary users' passwords by direct queries to the database, possibly via one of the SQL injection vulnerabilities. |
| The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions. |
| Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code. |
| Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. |
| index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure. |
| Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request. |
| nProtect:Netizen 2005.3.17.1 does not properly verify that the update module is downloaded from an authorized site, which allows remote malicious web sites to write arbitrary files. |
| Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) xagent, (2) xpath, (3) xreferer, and (4) xdns parameters in (a) admin/plugins/NP_Log.php, and the (5) pitem parameter in (b) admin/plugins/NP_Poll.php; and allow remote authenticated users to execute arbitrary SQL commands via the (6) pageRef parameter in (c) admin/plugins/NP_Referrer.php. |
| Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document. |
| The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability. |
| SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field. |
| Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands. |
| Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594. |
| ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site. |
| The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument. |
| SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter. |
| Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option. |
| Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. |
