| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy. |
| Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (abort). |
| Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences. |
| Multiple unknown "other problems" in the KINK dissector in Ethereal before 0.10.11 have unknown impact and attack vectors. |
| E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection. |
| The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands. |
| fsdump command in IRIX allows local users to obtain root access by modifying sensitive files. |
| The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values. |
| Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality. |
| Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary files via the keynote: URI handler in a crafted Keynote presentation. |
| Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2) read arbitrary files via the lang parameter to index.php. |
| The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access. |
| The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files. |
| Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSi directives, web script, and HTML via the entry field. |
| Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command. |
| Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) NDPS, (5) IAX2, (6) RADIUS, (7) TCAP, (8) MRDISC, (9) 802.3 Slow, (10) SMBMailslot, or (11) SMB PIPE dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (assert error). |
| Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code. |
| Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument to the RenameGroup function in the MMClient.MunduMessenger.1 ActiveX object. |
| Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, (5) CRMF, (6) ESS, (7) OCSP, (8) X.509, (9) ISIS, (10) DISTCC, (11) FCELS, (12) Q.931, (13) NCP, (14) TCAP, (15) ISUP, (16) MEGACO, (17) PKIX1Explitit, (18) PKIX_Qualified, (19) Presentation dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. |
| Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages. |
