| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read. |
| AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs. |
| Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to misrepresent the type and name of a file via modified doc_ext and id parameters, which might trick a user into downloading dangerous or unexpected content. |
| login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside". |
| Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action. |
| ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions. |
| Entercept Agent 2.5 agent for Windows, released before May 21, 2002, allows local administrative users to obtain the entercept agent password, which could allow the administrators to log on as the entercept_agent account and conceal their identity. |
| Multiple buffer overflows in RUMBA 7.3 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted values in a profile file, as demonstrated using a long SysName field. |
| Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
| HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555. |
| Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to goto.asp or (2) password parameter to includeloginuser.asp. |
| Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page. |
| PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code. |
| index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin". |
| PHP remote file inclusion vulnerability in showhits.php3 for PowerPhlogger (PPhlogger) 2.0.9 through 2.2.2 allows remote attackers to execute arbitrary PHP code via the rel_path parameter. |
| TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password. |
| Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection. |
| Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux. |
| Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. |
| CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of service (infinite recursion) by creating a message board post that is a child of an outdated parent. |
