| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php. |
| MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header. |
| Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages. |
| Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog. |
| Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. |
| Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter. |
| Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username. |
| SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter. |
| Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql. |
| Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain sensitive information via an invalid (zero) id parameter to (1) viewtopic.php, (2) profile.php, or (3) newpost.php, which reveals the path in an error message. |
| Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header. |
| Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat. |
| Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null). |
| Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Reload 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the btitle parameter. |
| Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at which other packets are processed. |
| Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code. |
| Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action. |
| Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters. |
| Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page. |
| Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability. |
