| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs. |
| Buffer overflow in INN inews program. |
| Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables. |
| Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field. |
| The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems. |
| The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root. |
| The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges. |
| Vulnerability in Compaq Tru64 UNIX edauth command. |
| An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. |
| A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. |
| A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. |
| Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request. |
| The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links. |
| The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
| The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
| Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter. NOTE: this issue can be exploited to produce resultant XSS when the parameter has XSS manipulations, and path disclosure with other invalid values. |
| Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a (1) g_reply or (2) g_permaPost action to the blog shard (engine/shards/blog.php), or a (3) g_viewContent action to the content shard (engine/shards/content.php). |
| Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) getlang and (2) reporeid parameter in (a) index.php, (3) menuid parameter in (b) plugin.php and (c) forumthread.php, and (4) msgid parameter in forumthread.php. |
| Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php. |
