| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows remote attackers to execute arbitrary code via the news_file parameter. |
| Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image. |
| Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables. |
| OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang. |
| Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action. |
| Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum. |
| Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack. |
| Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. |
| CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives." |
| Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. |
| ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports. |
| search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters. |
| Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe. |
| Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote attackers to access MBean attributes or cause an unspecified denial of service via unknown attack vectors. |
| Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail. |
| Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers. |
| BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges. |
| Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) realname and (2) comment parameters, or (3) via a javascript URI in the url parameter, when adding a comment. |
| Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query. |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet. |