| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook. |
| mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. |
| Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password. |
| Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping). |
| Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759. |
| sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges. |
| syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when running in 32-bit compatibility mode, allows local users to cause a denial of service (kernel hang) via crafted arguments. |
| Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php. |
| Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1056 on Windows, and 10, 10.0.1.436, and other versions before 10.0.5 on Linux, allows remote attackers to execute arbitrary code via a RealMedia file with a long RealText string, such as an SMIL file. |
| traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception). |
| Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow. |
| Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 allows remote attackers to gain unauthorized access, possibly involving remshd and/or telnet -t. |
| Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: this candidate may be SPLIT in the future when more precise technical details become available. |
| WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce Unix permissions, which allows local users to write arbitrary files on a davfs2 mounted filesystem. |
| Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. (dot dot) in the filename of a file that is stored in a (1) RAR (.rar), (2) TAR (.tar), (3) ZIP (.zip), (4) GZ (.gz), or (5) JAR (.jar) archive. |
| Terminator 3: War of the Machines 1.16 and earlier allows remote attackers to cause a denial of service (application crash) via a large nickname. |
| Buffer overflow in the READ_TCP_STRING function in game_message_functions.cpp in the network plugin for C'Nedra 0.4.0 and earlier allows remote attackers to execute arbitrary code via a long text string. |
| SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter. |
| BookReview beta 1.0 allows remote attackers to obtain the path of the web server via certain parameters to search.htm, possibly due to a search[string] parameter with a missing value or an incorrect submit[type] value, which reveals the path in the resulting error message. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE. |
| SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter. |
