| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options. |
| Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments. |
| Buffer overflows in osh before 1.7-11 allow local users to execute arbitrary code and bypass shell restrictions via (1) long environment variables or (2) long "file redirections." |
| Cross-site scripting (XSS) vulnerability in gallery/thumb.php in Winged Gallery 1.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter. |
| Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges. |
| Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field. |
| wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument. |
| Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php. |
| Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows attackers to cause a denial of service (memory consumption). |
| tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute. |
| The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file. |
| Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a POST request with a Content-Length that is less than the amount of data that is actually sent. |
| SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter. |
| Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link. |
| SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp. |
| Format string vulnerability in ezbounce 1.0 through 1.50 allows remote attackers to execute arbitrary code via the "sessions" command. |
| The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL. |
| SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and earlier allows remote attackers to execute arbitrary SQL commands via the msgid parameter. |
| SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges. |