| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module. |
| SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. |
| Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack vectors and impact. |
| Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges. |
| Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file. |
| The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary files. |
| Unknown vulnerability in sCssBoard 1.11 and earlier has unknown impact, related to "an exploit on the Profile page." |
| SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter. |
| Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML. |
| Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file. |
| Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php. |
| XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges. |
| SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 allows remote attackers to execute arbitrary SQL commands via (1) the id parameter to view.php or (2) the from parameter to members/index.php. |
| SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands files via the event parameter. |
| Unknown vulnerability in DC++ before 0.674 allows attackers to append data to arbitrary files. |
| Directory traversal vulnerability in the readFile and writeFile API for Maxthon 1.2.0 and 1.2.1 allows remote attackers to read or write arbitrary files. |
| Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ID and use restricted plugin API functions via script that includes the max.src file into the source page. |
| Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. |