| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. |
| The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. |
| There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords. |
| konversation before 1.2.3 allows attackers to cause a denial of service. |
| WebApp JSP Snoop page XSS in jetty though 6.1.21. |
| Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20. |
| JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. |
| Dump Servlet information leak in jetty before 6.1.22. |
| burn allows file names to escape via mishandled quotation marks |
| python-docutils allows insecure usage of temporary files |
| overkill has buffer overflow via long player names that can corrupt data on the server machine |
| A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user. |
| qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use . |
| pixelpost 1.7.1 has XSS |
| pixelpost 1.7.1 has SQL injection |
| The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter. |
| The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation. |
| Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system. |
| dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console. |
| ytnef has directory traversal |
