| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in Monolith games including (1) Alien versus Predator 2 1.0.9.6 and earlier, (2) Blood 2 2.1 and earlier, (3) No one lives forever 1.004 and earlier and (4) Shogo 2.2 and earlier allows remote attackers to cause a denial of service (application crash) via a long secure Gamespy query. |
| The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm. |
| SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator. |
| The Hawking Technologies HAR11A modem/router allows remote attackers to obtain sensitive information by connecting to port 254, which displays a management interface and information on established connections. |
| Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter. |
| SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp. |
| Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL. |
| SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers to cause a denial of service (web interface errors) via an invalid Skin parameter. |
| SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries. |
| The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass. |
| SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to execute SQL commands via the (1) category_id, (2) product_id, or (3) feature_id parameters. |
| Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php. |
| Buffer overflow in the GUI admin service in Mac OS X Server 10.3 allows remote attackers to cause a denial of service (crash and restart) via a large amount of data to TCP port 660. |
| SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request. |
| Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). |
| Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to category_news_headline.asp. |
| Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest Book allows remote attackers to inject arbitrary web script or HTML via the Name field. |
| Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable. |
| Directory traversal vulnerability in Trend Micro Interscan Web Viruswall in InterScan VirusWall 3.5x allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
| RSniff 1.0 allows remote attackers to cause a denial of service (connection exhaustion) via a large number of connections with a command other than AUTHENTICATE, or without any data, which prevents the socket from being closed properly. |
