| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security Server 8.95.J1 has unknown impact and attack vectors, aka Vuln# JDE01. |
| The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM. |
| Denial of service in MDaemon WorldClient and WebConfig services via a long URL. |
| Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file. |
| Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. |
| Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter. |
| Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732. |
| Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi. |
| SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php. |
| Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web MWGuest 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter. |
| PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php. |
| PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir[base] parameter. |
| na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI). |
| Denial of service in BIND named via consuming more than "fdmax" file descriptors. |
| DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes. |
| The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information. |
| SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4. |
| Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions." |
| SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php. |
| Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password parameters. |
