| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected. |
| Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files. |
| PROMS 0.11 does not properly handle "certain combinations of rights," which gives more rights to users than intended. |
| Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter. |
| Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote attackers to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemInfo.php and (3) ItemReview.php. |
| Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information. |
| Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow remote attackers to bypass authentication and possibly execute arbitrary SQL commands via the username and password parameters in (1) the user login and (2) administrator login pages. |
| Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder. |
| The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local users to gain privileges. |
| Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows local users to gain privileges via a long command line argument. |
| tin 1.40 creates the .tin directory with insecure permissions, which allows local users to read passwords from the .inputhistory file. |
| Directory traversal vulnerability in Jana proxy web server 1.45 allows remote attackers to ready arbitrary files via a .. (dot dot) attack. |
| Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable. |
| The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities. |
| Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty. |
| Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing. |
| Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable. |
| cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script. |
| The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
