| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry. |
| rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file. |
| MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a denial of service (crash) via a long HTTP request, possibly triggering a buffer overflow. |
| Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML via the "Full Name" (addressname) parameter. |
| Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote attackers to inject arbitrary web script or HTML via tasklists. |
| Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 allows remote attackers to inject arbitrary web script or HTML via image tags. |
| Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long HTTP GET request. |
| ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue. |
| Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial of service (crash) via a MKD command with a long directory name. |
| Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username. |
| Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module. |
| Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string. |
| Aquonics File Manager 1.5 allows users with edit privileges to modify user accounts by editing the userlist.cgi file. |
| 602Pro LAN SUITE 2002 allows remote attackers to view the directory tree via an HTTP GET request with a trailing "~" (tilde) or ".bak" extension. |
| Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or (3) download actions. |
| Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session. |
| Heap-based buffer overflow in the goim handler of AOL Instant Messenger (AIM) 4.4 through 4.8.2616 allows remote attackers to cause a denial of service (crash) via escaping of the screen name parameter, which triggers the overflow when the user selects "Get Info" on the buddy. |
| Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack. |
| ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, which allows local users to write to arbitrary files. |
| Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output. |
