| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages. |
| The export_index action in myadmin.php for Aztek Forum 4.0 allows remote attackers to obtain database files, possibly by setting the ATK_ADMIN cookie. |
| AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box. |
| eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message. |
| Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action. |
| Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service (process crash) for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd. |
| PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code. |
| SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php. |
| PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to Filelist.html. |
| The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout. |
| UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local users to bypass ATA access restrictions by dialing "*#26845#" and causing a device reset. |
| ApplyYourself i-Class allows remote attackers to obtain sensitive information about their own applications by reusing the hidden ID field, as demonstrated using the id parameter to ApplicantDecision.asp. |
| PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code. |
| The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer. |
| The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled. |
| Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file. |
| Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash). |
| Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows local users with DRI privileges to execute arbitrary code as root. |
| VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106. |
| SQL injection vulnerability in member.php and possibly other scripts in PhotoPost PHP 5.0 RC3 allows remote attackers to execute arbitrary SQL commands via the uid parameter. |
