| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| fpkg2swpk in HP-UX allows local users to gain root access. |
| SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter to default.asp. |
| HP ypbind allows attackers with root privileges to modify NIS data. |
| Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb. |
| Buffer overflow in Linux su command gives root access to local users. |
| Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| Buffer overflow in Solaris kcms_configure command allows local users to gain root access. |
| FreeBSD mmap function allows users to modify append-only or immutable files. |
| Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message. |
| SGI syserr program allows local users to corrupt files. |
| SGI mediad program allows local users to gain root access. |
| Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change parameter. NOTE: it is possible that this is resultant from CVE-2005-4376. |
| Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character. |
| Directory traversal vulnerability in Amaxus 3 and earlier allows remote attackers to access arbitrary files via ".." sequences in the change parameter. |
| A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. |
| SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to execute arbitrary SQL commands via the SiteNodeID parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; the (3) blog_id parameter to (e) blogs/view.php; and the (4) search field to (f) users/my_groups.php. |
| rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory. |
| Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php. |
| Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message. |
