| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to perform unauthorized actions as a logged-in user, as demonstrated by tricking the administrator to access a web page that performs a mod_info action in modify_gallery.php. |
| Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to inject arbitrary HTML or web script, as demonstrated using a URL containing .. sequences and HTML, which results in a directory browsing page that does not properly filter the HTML. |
| FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. |
| The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters. |
| WWWBoard has a default username and default password. |
| An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account. |
| TheNet CheckBO 1.56 allows remote attackers to cause a denial of service via a flood of characters to the TCP ports which it is listening on. |
| Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a skin. |
| FreeBSD mount_union command allows local users to gain root privileges via a symlink attack. |
| Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests. |
| CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation. |
| Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol. |
| Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allows a remote attacker SNMP read and write access via a default, undocumented community string 'ILMI'. |
| The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key. |
| IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument. |
| Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing. |
| Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request. |
| Exponent 0.95 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) search.info.php, (2) permissions.info.php, (3) security.info.php, (4) formcontrol.php, or (5) file_modules.php, which reveals the path in an error message because the pathos_core_version variable is undefined. |
| Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode. |