| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files. |
| cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file. |
| Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request. |
| The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability. |
| Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content. |
| reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords. |
| reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive information such as smtpuser and smtppasswd. |
| Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the USER command. |
| sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter. |
| Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to show_news.php. |
| phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. |
| auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message. |
| SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie. |
| Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the Avatar field. |
| Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename. |
| SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary SQL commands via the f parameter. |
| Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via format string specifiers in a command. |
| Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via text strings that are not null terminated, which triggers a null dereference. |
| Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs. |
| Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename. |
