| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL. |
| PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll Creator 1.01 allows remote attackers to execute arbitrary PHP code via the relativer_pfad parameter. |
| Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors. |
| The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845. |
| The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands. |
| Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x. |
| HP CDE program includes the current directory in root's PATH variable. |
| Directory traversal vulnerability in Xerver Free Web Server 2.10 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in an HTTP GET request. |
| Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the Host header (possibly the name parameter or variable), which is then written to data/topics.php. |
| The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges. |
| Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe. |
| Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter. |
| Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). |
| Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux. |
| The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs. |
| Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCII 255) characters, which are interpreted as whitespace. |
| load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP. |
| Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter to (1) home.php or (2) impressum.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier allow remote attackers to execute arbitrary SQL statements. |
| Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files. |
