| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| HP CDE program includes the current directory in root's PATH variable. |
| Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts. |
| The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack. |
| SQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter. |
| PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter. |
| The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization. |
| A vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable. |
| Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function. |
| Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allows remote attackers to inject arbitrary web script or HTML via the WCE parameter. |
| ** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE. |
| Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler. |
| The Debian mailman package uses weak authentication, which allows attackers to gain privileges. |
| Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters. |
| Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote). |
| NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network. |
| SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter. |
| FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks. |
| Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location. |
| Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request. |
| Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AUTH command. |
