| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request. |
| Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data. |
| Musicmatch 10.00.2047 and earlier store log files in the Program Files directory instead of the user profile, which may allow local users to obtain sensitive information. |
| Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes. |
| Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via (1) a "bubba" local user account, (2) an open TCP port 34571, or (3) when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network. |
| Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. |
| DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows remote attackers to overwrite arbitrary files via the bstrSavePath argument. |
| The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. |
| CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable. |
| SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. |
| Entercept Agent 2.5 agent for Windows, released before May 21, 2002, allows local administrative users to obtain the entercept agent password, which could allow the administrators to log on as the entercept_agent account and conceal their identity. |
| Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. |
| Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. |
| Cross-site scripting (XSS) vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code. |
| TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password. |
| Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. |
| The Half-Life engine before July 7 2004 allows remote attackers to cause a denial of service (server or client crash) via an empty fragmented packet. |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php. |