| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter. |
| chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded. |
| Stack-based buffer overflow in NJStar Chinese and Japanese Word Processor 4.x and 5.x before 5.10 allows user-assisted attackers to execute arbitrary code via font names in NJStar (.njx) documents. |
| Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag. |
| MUTE 0.4 allows remote attackers to cause a denial of service (messages not forwarded) and obtain sensitive information about a target by filling a client's mWebCache cache with malicious "zombie" nodes. |
| Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory. |
| Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request. |
| Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL. |
| Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter. |
| Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php. |
| The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4, 4.6.1.1, and possibly other versions before 4.6.1.2, does not drop privileges before executing other programs, which allows local users to gain privileges. |
| Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL. |
| Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 allows remote attackers to inject arbitrary web script or HTML via the error message. |
| SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls parameter. |
| SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 allows remote attackers to execute arbitrary SQL commands via the msn variable. |
| SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. |
| Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.com LedForums Beta 1 allows remote attackers to inject arbitrary web script or HTML via the (1) top_message parameter or (2) topic field of a new thread. |
| connection.c in Cherokee web server before 0.4.6 allows remote attackers to cause a denial of service via an HTTP POST request without a Content-Length header field. |
| Format string vulnerability in Deception Finger Daemon, decfingerd, 0.7 may allow remote attackers to execute arbitrary code via the username of a finger request. |
| The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username. |
