| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges. |
| Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm. |
| Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request. |
| CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT). |
| Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via "..\" (dot-dot backslash) sequences in a LIST command. |
| vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module. |
| The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability. |
| SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter. |
| Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to cause a denial of service (CPU consumption or reboot) via a large number of TCP SYN packets to the circuit IP address, aka "ONDM Ping failure." |
| Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash). |
| Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL. |
| Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response. |
| Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument. |
| Format string vulnerability in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via format string specifiers in a command line argument. |
| Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via a long command line argument. |
| Unspecified vulnerability in OC4J for Oracle Application Server 9.0.4.2 and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS07. |
| Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in SMTP requests. |
| SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable. |
| xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the xbru_dscheck.dd temporary file. |
| Buffer overflow in PowerFTP FTP server 2.24, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long USER argument. |
