| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument. |
| Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header. |
| Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument. |
| SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier allows remote attackers to execute arbitrary SQL commands via the song_id parameter. |
| tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter. |
| tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist. |
| SQL injection vulnerability in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the announce parameter. |
| NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool. |
| The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc. |
| Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode. |
| Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function. |
| Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664. |
| Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters. |
| Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
| split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header. |
| Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-03, and other versions allows remote attackers to obtain sensitive information in the <ut:cache> tag library. |
| Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, and (3) email parameters. |
| gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter. |
| Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchfor search parameter. |
| The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #include directive that references a file that contains the code. |
