| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names. |
| SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements. |
| PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter. |
| Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string. |
| Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands. |
| Buffer overflow in All-Mail 1.1 allows remote attackers to execute arbitrary commands via a long "MAIL FROM" or "RCPT TO" command. |
| Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field. |
| An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406. |
| nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests. |
| Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command. |
| PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs. |
| Buffer overflow in the Mesh::type method in mesh.c for the mview program in Mesh Viewer 0.2.2 allows remote attackers to execute arbitrary code via crafted mesh files. |
| Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to cause a denial of service via a long (1) USER or (2) HELO command. |
| pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file. |
| search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 allows remote attackers to read arbitrary directories by specifying the directory in the query parameter. |
| Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or (3) w parameter to journal.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected. |
| Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker Shop allows remote attackers to inject arbitrary web script or HTML via a strSok parameter containing a javascript: URI in an IMG SRC attribute. |
| Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to execute arbitrary commands via a long Authorization header. |
| Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter. |
| Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") character, which prevents the rest of the query from being properly sanitized. |
