| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe). |
| Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter. |
| SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter. |
| Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225. |
| Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link. |
| The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. |
| Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors. |
| Ansel 1.2 through 2.0 uses insecure default permissions, which allows remote attackers to gain access to web readable directories. |
| Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form. |
| SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form. |
| Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via via the message text. |
| account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page. |
| kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ownership of files, which could allow local users to execute arbitrary programs. |
| The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications. |
| Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10.3p3 allows remote attackers to cause a denial of service. |
| Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) msg[0] or (2) siteurl parameters. |
| Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Manager allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand. |
| Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request. |
| The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests. |
