| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Buffer overflow in LeapFTP allows remote attackers to execute arbitrary code via a long Host string in a Site Queue (.lsq) file. |
| Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio file with a crafted sub record length. |
| Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.Liveupdate log file, which allows attackers to obtain the username and password to the internal LiveUpdate server. |
| Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter. |
| cosmoshop 8.10.78 and earlier stores passwords in plaintext in the database, which allows local users to obtain sensitive information. |
| Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4.9.0 allows remote attackers to execute arbitrary code via the username. |
| PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter. |
| Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted user authentication credentials. |
| Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pg parameter to printfaq.php, or the (2) Referer or (3) User-Agent HTTP headers, which are not properly handled by error.php. |
| smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files. |
| CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedback Form Perl Script 2.0.1 allows remote attackers to use the script as a mail relay (spam proxy) via CRLF sequences in the (1) name or (2) email fields, which are injected into mail headers. |
| Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field. |
| The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol 7.0 allows remote attackers to read the Windows Address Book via the FullAddressBook method. |
| Savant Web Server stores user credentials in plaintext in the Savant\Users registry key, which allows local users to gain privileges. |
| Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report. |
| Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses. |
| ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the pref.txt file, which allows local users to obtain sensitive information such as proxy server information and passwords. |
| Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command. |
| phpCommunityCalendar 4.0.3 allows remote attackers to bypass authentication and gain unauthorized access via a direct request to the admin directory. |
| Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rule, which allows remote attackers to bypass intended restrictions. |