| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. |
| Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter. |
| BitDefender Engine 1.6.1 and earlier does not properly scan all attachments, which allows remote attackers to bypass virus scanning via begin and end commands in the body of the e-mail, which BitDefender treats as a uuencoded attachment and stops scanning afterwards. |
| CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter. |
| Cross-site scripting (XSS) vulnerability in GoSmart Message Board allows remote attackers to execute inject web script or HTML via the (1) Category parameter to Forum.asp or (2) MainMessageID parameter to ReplyToQuestion.asp. |
| Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter. |
| Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to execute arbitrary code via a large number of large DNS packets with the Z and QR flags cleared. |
| SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator. |
| Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4.0 allow remote attackers to inject arbitrary web script or HTML via (a) the blogs module, including the (1) curr parameter in index.php, (2) inspire, (3) system, or (4) title parameter in blog_newentry.php, (5) entry parameter in blog_newentry_comment.php, (6) entry parameter in blog_edit_entry.php, or (7) caldate parameter in blog.php; and (b) the notes module, including the (1) forwardid parameter in a noteform action; (2) del_folder parameter in a delete_folder action; (3) isread, (4) dateorder, (5) subjectorder, (6) curr, (7) fromorder, or (8) action parameters; (9) ppp or (10) totalreplies parameter in an Inbox action; (11) totalnotes parameter; or (12) touserid parameter in a noteform action. |
| Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuser_id parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php. |
| SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables. |
| Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote attackers to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter. |
| Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via the t parameter in a newreply action. |
| PHP remote file inclusion vulnerability in display.php in MooseGallery allows remote attackers to execute arbitrary PHP code via the type parameter. |
| CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php. |
| pGina 1.7.6 and possibly older versions, when the Restart or Shutdown options are enabled on the login screen, allows remote attackers to cause a denial of service by connecting via Remote Desktop and clicking restart or shutdown. |
| Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum script allow remote attackers to inject arbitrary web script or HTML via the forumID parameter to (1) newtopic.php, (2) quote.php, (3) index.php, and (4) reply.php. |
| Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command. |
| Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier. |
| Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Topsites script allows remote attackers to inject arbitrary web script or HTML via the ID parameter. |
