| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a user into dragging an image that is a "javascript:" URI. |
| Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code. |
| SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| The login protocol in RealChat 3.5.1b does not use authentication, which allows remote attackers to log on as other users by sniffing the beginning of a chat session and replaying it via a modified username. |
| Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV). |
| Cross-site scripting (XSS) vulnerability in search.php in PHPSiteSearch 1.7.7d allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
| The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to bypass the login and gain privileges. |
| PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via missing parameters to (1) browse.php, (2) export.php, (3) conditions.php, or (4) spss.php. |
| Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter. |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template. |
| show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the full path of the server via an invalid archive parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts Dev Hound 2.24 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple unspecified user input fields. |
| Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive. |
| Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 allow remote attackers to execute arbitrary code via (1) a RCPT TO command with a long DNS name, or (2) a large number of RCPT TO commands with a long e-mail name arugment in the last command. |
| Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point before 1.03.12 allows remote attackers to obtain sensitive information via the web interface. |
| NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denial of service via a CONFIG message with an out-of-range timestamp, which triggers a null dereference. |
| Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code. |
| Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ 1.20 allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
| Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files. |
