| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to post.asp, (4) the forum_title parameter to forum.asp, or (5) the id parameter to post.asp. |
| The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. |
| RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges. |
| Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate. |
| SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter. |
| Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request. |
| c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors. |
| FsPHPGallery before 1.2 allows remote attackers to cause a denial of service via an image with a large size attribute, which causes a crash when the server attempts to resize the image. |
| Multiple SQL injection vulnerabilities in OvBB 0.08a allow remote attackers to execute arbitrary SQL commands via the (1) threadid parameter to thread.php and (2) userid parameter to profile.php. NOTE: the vendor disputes these issues, saying "these reports are completely unsubstantial. |
| The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors. |
| Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that contains MS-DOS device names such as com1. |
| Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions. |
| one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the install.php Helpdesk Installation script. |
| Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges. |
| Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket. |
| Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request. |
| ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges. |
| Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files. |
| SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements. |
| Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors. |
