| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Half-Life engine before July 7 2004 allows remote attackers to cause a denial of service (server or client crash) via an empty fragmented packet. |
| Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form. |
| Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter. |
| The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address. |
| PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message. |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php. |
| Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such as (1) the getinfo query, (2) the connect packet, and other unknown vectors. |
| Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long filename. |
| The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message. |
| The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow. |
| LionMax Software WWW File Share Pro 2.60 allows remote attackers to cause a denial of service (crash or hang) via a long URL, possibly triggering a buffer overflow. |
| Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default view. |
| Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables. |
| mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop. |
| The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault). |
| OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users. |
| The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file. |
| Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages. |
| Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted. |
| The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates. |
