| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename. |
| PHP remote file inclusion vulnerability in user-func.php in Codeworks Gnomedia SubberZ[Lite] allows remote attackers to execute arbitrary PHP code via a URL in the myadmindir parameter. NOTE: this issue has been disputed by a third party that claims that " the myadmindir variable is set before any GET variables are processed. |
| Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact. |
| Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL. |
| Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. |
| SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. |
| The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program. |
| A vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable. |
| Buffer overflow in the MERCUR WebView WebMail server allows remote attackers to cause a denial of service via a long mail_user parameter in the GET request. |
| The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems. |
| Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL. |
| Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field. |
| Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in 12Planet Chat Server 2.9 allows remote attackers to execute arbitrary script as other users via the page parameter. |
| Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character. |
| Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers. |
| Cross-site scripting (XSS) vulnerability in photocycle in Photocycle 1.0 allows remote attackers to inject arbitrary web script or HTML via the phpage parameter. |
| OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. |
| The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise." |
| Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. |
