| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files. |
| The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account. |
| Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control. |
| Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request. |
| Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea Lucid Calendar 0.22 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory. |
| Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter. |
| The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file. |
| Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message. |
| The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. |
| Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables. |
| GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt. |
| Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user. |
| Buffer overflow in Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter. |
| PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. |
| Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. |
| HP Web JetAdmin 6.0 allows remote attackers to cause a denial of service via a malformed URL to port 8000. |
| Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service. |
| Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command. |
| Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." |
