| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message. |
| Cross-site scripting (XSS) vulnerability in the fom CGI program (fom.cgi) in Faq-O-Matic 2.711 and 2.712 allows remote attackers to inject arbitrary web script or HTML via the file parameter. |
| sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd. |
| Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors. |
| Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey fields or error messages for malformed query strings. |
| SQL injection vulnerability in BTGrup Admin WebController Script allows remote attackers to execute SQL commands via the (1) Username and (2) Password fields. |
| MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. |
| SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585. |
| Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
| News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie. |
| SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi. |
| rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request. |
| MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information. |
| The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file. |
| Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file. |
| Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (freeze) via a large number of player connections that do not send any data. |
| Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client. |
| Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the _zb_path parameter to (1) _head.php or (2) outlogin.php, or the dir parameter to (3) write.php. |
| Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code. |
| PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter. |
