| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cart_id parameter. |
| ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file. |
| time server daemon timed allows remote attackers to cause a denial of service via malformed packets. |
| IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument. |
| SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack. |
| SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. |
| Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye Shop R4 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter. |
| Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. |
| sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools. |
| Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/. |
| Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter. |
| SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter. |
| dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program. |
| upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file. |
| Format string vulnerability in the safe_cprintf function in acebot_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code via unspecified vectors when the server sends crafted messages to the clients. |
| Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu. |
| Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands. |
| Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code by sending a long message to the server. |
| Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command. |