| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL. |
| Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), version 242 and earlier, allows remote attackers (servers) to execute arbitrary code via long (1) gamename, (2) gamever, (3) hostname, (4) gametype, (5) mapname or (6) gamemode commands. |
| GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines). |
| Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server. |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a URL. |
| SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. |
| Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary files via the keynote: URI handler in a crafted Keynote presentation. |
| SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter. |
| SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. |
| PHP remote file inclusion vulnerability in MyBloggie 2.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mybloggie_root_path parameter to (1) admin.php or (2) scode.php. NOTE: this issue has been disputed in multiple third party followups, which say that the MyBloggie source code does not demonstrate the issue, so it might be the result of another module. CVE analysis as of 20060605 agrees with the dispute. In addition, scode.php is not part of the MyBloggie distribution |
| DigitalHive 2.0 allows remote attackers to re-install the product by directly accessing the install script. |
| Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet. |
| SQL injection vulnerability in index.php in xueBook 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter. |
| SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter. |
| SQL injection vulnerability in content.php in abarcar Realty Portal 5.1.5 allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via an SCTP chunk with a 0 length. |
| mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. |
| Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter. |
| PHP remote file inclusion vulnerability in includes/webdav/server.php in Bytehoard 2.1 Epsilon/Delta allows remote attackers to execute arbitrary PHP code via a URL in the bhconfig[bhfilepath] parameter. |
| Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code. |
