| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters. |
| SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter. |
| Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors. |
| SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter. |
| Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. |
| Directory traversal vulnerability in Dzip before 2.9 allows remote attackers to create arbitrary files via a filename containing a .. (dot dot) in a .dz archive. |
| Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL. |
| Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffer overflow when elements are added to smartlists. |
| Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBook allows remote attackers to execute arbitrary SQL commands via the (1) name or (2) comment ("text") fields. |
| Tor before 0.1.1.20 creates "internal circuits" primarily consisting of nodes with "useful exit nodes," which allows remote attackers to conduct unspecified statistical attacks. |
| The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing. |
| TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys. |
| Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by modifying /etc/init.d/mysql. |
| Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers. |
| Argosoft FRP server 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to the (1) USER or (2) CWD commands. |
| The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system. |
| The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which allows attackers to obtain potentially sensitive information. |
| The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device. |
| Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution. |
| Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors. |
