| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Format string vulnerability in MailEnable 1.8 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the mailto field. |
| SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL. |
| Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites. |
| Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters. |
| The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start. |
| Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name. |
| Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse. |
| Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy. |
| ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usernames and passwords in cleartext in the MyDetails.txt file, which allows local users to gain privileges. |
| Cross-site scripting (XSS) vulnerability in user_class.php in Papoo 2.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username field during the registration of a new account. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message. |
| Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters. |
| phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication. |
| Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. |
| SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allows remote authenticated users to execute arbitrary SQL commands via the (1) GatewayID parameter in an add action in AddGatewaySettings.asp and (2) IP parameter in IPManager.asp. |
| FileZilla FTP server before 0.9.6, when using MODE Z (zlib compression), allows remote attackers to cause a denial of service (infinite loop) via certain file uploads or directory listings. |
| Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter. |
| PHP remote file inclusion vulnerability in TRG News Script 3.0 allows remote attackers to execute arbitrary PHP code via the dir parameter to (1) article.php, (2) authorall.php, (3) comment.php, (4) display.php, or (5) displayall.php. |
| Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter to (1) poc_loginform.php or (2) phpbb/poc.php, the poc_root_path parameter to (3) phpbb/poc.php, (4) phpnuke/ENGLISH_poc.php, (5) phpnuke/poc.php, or (6) yabbse/poc.php, or (7) the sourcedir parameter to yabbse/poc.php. |
| Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php. |
