| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in FreeBSD gdc program. |
| Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly. |
| xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized. |
| Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code. |
| A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privileges. |
| Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) id parameter to index.php, (2) search field (possibly the s parameter), or (3) comment field. |
| Directory traversal vulnerability in FilZip 3.05 allows remote attackers to write arbitrary files via a .. (dot dot) in a (1) .rar, (2) .tar, (3) .jar, or (4) .gz file. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist. |
| FreeBSD gdc program allows local users to modify files via a symlink attack. |
| Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names. |
| SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie. |
| Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly. |
| Falcon web server allows remote attackers to determine the absolute path of the web root via long file names. |
| Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack. |
| Insecure directory permissions in RPM distribution for PostgreSQL allows local users to gain privileges by reading a plaintext password file. |
| Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine. |
| PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. |
| Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI. |
