| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default "superuser" account with the "planet" password, which allows remote attackers to gain administrative access. |
| Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser. |
| Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults. |
| SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors. |
| PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. |
| Buffer overflow in INN inews program. |
| Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable. |
| SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters. |
| Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script." |
| Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. |
| libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack." |
| PHP remote file inclusion vulnerability in calendar.php in SoftComplex PHP Event Calendar 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_calendar parameter, which overwrites the $path_to_calendar variable from an extract function call. |
| PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. NOTE: the news.php vector is already covered by CVE-2005-0859. |
| Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables. |
| Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity. |
| The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload, which cause a large number of calls to the resource-intensive sowakeup function. |
| Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow. |
| jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash). |
| Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations. |
| McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81. |
