| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Code Ocean FTP server 1.0 allows remote attackers to cause a denial of service via a large number of connections. |
| CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate SQL commands via certain requests to (1) alert.php or (2) viewip.php, possibly due to a SQL injection vulnerability. |
| Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter. |
| The DNTUS26 process in Dameware NT Utilities and the DWRCS process in MiniRemote Control 4.9 and earlier stores the username and password in cleartext in memory, which could allow attackers to obtain sensitive information. |
| Musicmatch 10.00.2047 and earlier store log files in the Program Files directory instead of the user profile, which may allow local users to obtain sensitive information. |
| DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows remote attackers to overwrite arbitrary files via the bstrSavePath argument. |
| Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php. |
| SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Cross-site scripting (XSS) vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact. |
| SQL injection vulnerability in Oracle Forms 10g allows remote attackers to execute arbitrary SQL commands via the Query/Where feature. |
| HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter. |
| Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other versions, may allow attackers to execute arbitrary code via a long file name argument. NOTE: since this overflow is in the command line of an unprivileged program, it is highly likely that this is not a vulnerability. |
| Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter. |
| Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attackers to inject arbitrary web script or HTML via the chat name, as demonstrated by using an IFRAME to redirect users to other sites. |
| Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code. |
| Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter. |
| Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers. |
| Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags. |
| Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information. |
