| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529. |
| Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name. |
| KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. |
| Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. |
| paFileDB 3.1 allows remote attackers to gain sensitive information via a direct request to (1) login.php, (2) category.php, (3) search.php, (4) main.php, (5) viewall.php, (6) download.php, (7) email.php, (8) file.php, (9) rate.php, or (10) stats.php, which reveals the path in an error message. |
| Cross-site scripting (XSS) vulnerability in the category module in pafiledb.php for paFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a vulnerability that is closely related to CVE-2004-1551. |
| SMC Barricade broadband router 7008ABR and 7004VBR enable remote administration by default, which allows remote attackers to gain access by connecting to port 1900. |
| 3com NBX IP VOIP NetSet Configuration Manager allows remote attackers to cause a denial of service (crash) via a Nessus scan in safeChecks mode. |
| Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter. |
| Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6.1 allows remote attackers to inject arbitrary HTML or web script via the search_string parameter. |
| Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field. |
| The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors. |
| Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter. |
| Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields. |
| syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file. |
| SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies. |
| Linux-VServer 1.24 allows local users with root privileges on a virtual server to gain access to the filesystem outside the virtual server via a modified chroot-again exploit using the chmod command. |
| The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request wit a large number of leading "/" (slash) characters. |
| Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter. |
| Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string. |
