| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators. |
| Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. |
| Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp in WS-Album 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) image and (2) PublisedDate parameters. |
| netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on IBM AIX exports /tmp over NFS as world-readable and world-writable. |
| The SyGate Remote Management program does not properly restrict access to its administration service, which allows remote attackers to cause a denial of service, or access network traffic statistics. |
| Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3. |
| Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery 5.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in gallery.asp and (2) parentcurrentpage parameter in view_gallery.asp. |
| Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle 200 ARP requests per second allowing a denial of service attack to succeed with a flood of ARP requests exceeding that limit. |
| Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands. |
| Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag. |
| betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that vector 2 also affects versions 6.0 through 9.0. |
| bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter. |
| Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable. |
| index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter. |
| Res Manager in Worldspan for Windows Gateway 4.1 allows remote attackers to cause a denial of service (crash) via a malformed request to TCP port 17990. |
| Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL. |
| Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows remote attackers to execute arbitrary code via a long USER command. |
| Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file. |
| betaparticle blog (bp blog), posisbly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp. |
| /usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users. |
