| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| FuseTalk 4.0 allows remote attackers to ban other users via a direct request to banning.cfm. |
| SQL injection vulnerability in index.php of the report module in ibProArcade 2.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. |
| Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php. |
| suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before 2.15.484 and (2) Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain privilege. |
| Web Content Management News System allows remote attackers to create arbitrary accounts and gain privileges via a direct request to Admin/Users/AddModifyInput.php. |
| Multiple buffer overflows in s.cgi program in Aspseek search engine 1.03 and earlier allow remote attackers to execute arbitrary commands via (1) a long HTTP query string, or (2) a long tmpl parameter. |
| slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure. |
| Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field. |
| Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code. |
| Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors. |
| Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. |
| Vulnerability in WebCalendar 0.9.26 allows remote command execution. |
| The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords. |
| toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML file. |
| Directory traversal vulnerability in Alex's FTP Server 0.7 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the (1) GET or (2) CD commands. |
| Tektronix PhaserLink 850 does not require authentication for access to configuration pages such as _ncl_subjects.shtml and _ncl_items.shtml, which allows remote attackers to modify configuration information and cause a denial of service by accessing the pages. |
| Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header. |
| CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection. |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title element and (7) logo alt attributes in forum postings, and the (8) Homepage field in the Guestbook. |
| Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack. |
