| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| filediff in CVStrac allows remote attackers to execute arbitrary commands via shell metacharacters in rcsinfo. |
| Multiple PHP remote file inclusion vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) core/includes/security.inc.php, (2) core/includes/smarty.inc.php, (3) qcms/includes/smarty.inc.php or (4) qlib/smarty.inc.php. |
| The Virtual Private Network (VPN) capability in Novell Bordermanager 3.8 allows remote attackers to cause a denial of service (ABEND in IKE.NLM) via a malformed IKE packet, as sent by the Striker ISAKMP Protocol Test Suite. |
| Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password. |
| JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570". |
| Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via user-submitted reviews. |
| Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter. |
| SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a denial of service via fragmented IP packets that split the TCP header. |
| NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments. |
| Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter. |
| PHP remote file inclusion vulnerability in clients/index.php in Diesel Smart Traffic allows remote attackers to execute arbitrary PHP code via a URL in the src parameter. |
| Absolute path traversal vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via an absolute pathname in the phpbb_root_path parameter. |
| PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. |
| PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined |
| Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line. |
| MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. |
| Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module. |
| Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino. |
