| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The (1) write_list and (2) dump_curr_list functions in Net-Acct before 0.71 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups. |
| SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters. |
| Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program. |
| PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed. |
| fetchnews in leafnode 1.9.47 and earlier allows remote attackers to cause a denial of service (process hang) via an empty NNTP news article with missing mandatory headers. |
| sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption). |
| Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename. |
| Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 allow remote attackers to execute arbitrary SQL commands, as demonstrated by the icerikno parameter. |
| Buffer overflow in uucp in AIX 4.3.3. |
| Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer overflow. |
| SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option. |
| CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp. |
| ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions. |
| xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe. |
| Application Access Server (A-A-S) 1.0.37 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long file request. |
| Directory traversal vulnerability in sample_showcode.html in Caravan 2.00/03d and earlier allows remote attackers to read arbitrary files via the fname parameter. |
| Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs (2) amcheck, (3) amgetidx, (4) amtrmidx, (5) createindex-dump, or (6) createindex-gnutar. |
| Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values. |
| The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information. |
