| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files. |
| Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header. |
| Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname. |
| PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php. |
| Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME. |
| Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname. |
| Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe). |
| Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter. |
| SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter. |
| Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225. |
| Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link. |
| mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled. |
| admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command. |
| Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a .. (dot dot) in the URL. |
| Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8. |
| SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file. |
| Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function. |
| The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause "memory corruption" and possibly execute arbitrary code via "overlarge TCP packets." |
| Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message. |
| Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php. |
