| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. |
| Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable. |
| Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories. |
| Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php. |
| Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration. |
| postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended. |
| man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion). |
| Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request. |
| Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands. |
| Buffer overflows in ascdc Afterstep while running setuid allows local users to gain root privileges via a long (1) -d option, (2) -m option, or (3) -f option. |
| Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header. |
| Absolute path traversal vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote registered users to execute arbitrary code by uploading a malicious file to the Windows startup folder. |
| template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows remote attackers to read files and execute commands via shell metacharacters in the argument to template.cgi. |
| Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter. |
| Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
| Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing list.gtdat. |
| Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter. |
| TurboTax saves passwords in a temporary file when a user imports investment tax information from a financial institution, which could allow local users to obtain sensitive information. |
| Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors relating to "handling EXIF data." |
| Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request. |
