| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme. |
| Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message. |
| Vulnerability in the cache-limiting function of the unified name service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote attackers to cause a denial of service by forcing the cache to fill the disk. |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php. |
| Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer." |
| SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack. |
| rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via malformed RPC packets with invalid lengths. |
| login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php. |
| Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. |
| Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to cause privileged applications to dump core via the HOSTALIASES environment variable, which might allow the users to gain privileges. |
| Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR. |
| Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables. |
| Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service. |
| Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information. |
| Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, when running with the -R option, allows local and remote attackers to cause a core dump. |
| Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action. |
| Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication. |
| Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call. |
| Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows local users to cause a denial of service (hang) by creating a file that is not properly processed by XFS. |
| High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
