| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory. |
| Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username. |
| Buffer overflow in Red Faction client 1.20 and earlier allows remote servers to execute arbitrary code via a long server name. |
| Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c. |
| Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro 2.0.9 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a long HTTP sub-version. |
| Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote attackers to execute arbitrary code via (1) user.dll, (2) loadpageadmin.dll or (3) loadpageuser.dll. |
| Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for "Personal Photo" that is not an image file, which displays the installation path in an error message. |
| The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method. |
| oftpd 0.3.6 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command with a large value. |
| Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm. |
| Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email." |
| The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call. |
| A "potential" buffer overflow exists in the panic() function in Linux 2.4.x, although it may not be exploitable due to the functionality of panic. |
| Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users to execute arbitrary code. |
| logcheck before 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary directory in /var/tmp. |
| Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. |
| Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory. |
| Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier allows remote attackers to inject arbitrary Javascript via the BBCode color value. |
| Multiple interpretation error in unspecified versions of Norman Virus Control Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. |
| flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack. |