| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. |
| Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name. |
| PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection." |
| Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050. |
| The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs. |
| The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy. |
| Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (abort). |
| Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences. |
| Multiple unknown "other problems" in the KINK dissector in Ethereal before 0.10.11 have unknown impact and attack vectors. |
| E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection. |
| The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands. |
| fsdump command in IRIX allows local users to obtain root access by modifying sensitive files. |
| The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values. |
| Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality. |
| Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary files via the keynote: URI handler in a crafted Keynote presentation. |
| Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2) read arbitrary files via the lang parameter to index.php. |
| The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access. |
| The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files. |
| Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSi directives, web script, and HTML via the entry field. |
| Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command. |
