| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property. |
| Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) delete, (2) pathext, and (3) edit parameters. |
| PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected |
| Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter. |
| Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters. |
| SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter. |
| Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors. |
| SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter. |
| Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. |
| Directory traversal vulnerability in Dzip before 2.9 allows remote attackers to create arbitrary files via a filename containing a .. (dot dot) in a .dz archive. |
| Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL. |
| Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffer overflow when elements are added to smartlists. |
| Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBook allows remote attackers to execute arbitrary SQL commands via the (1) name or (2) comment ("text") fields. |
| Tor before 0.1.1.20 creates "internal circuits" primarily consisting of nodes with "useful exit nodes," which allows remote attackers to conduct unspecified statistical attacks. |
| The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing. |
| TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys. |
| Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by modifying /etc/init.d/mysql. |
| Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers. |
| Argosoft FRP server 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to the (1) USER or (2) CWD commands. |
| The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system. |
