| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter. |
| Unknown vulnerability in the Sun Solaris C library (libc and libproject) in Solaris 10 allows local users to gain privileges. |
| Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges. |
| Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username. |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms. |
| Unknown vulnerability in FlexCast Audio Video Streaming Server before 2.0 has unknown impact and attack vectors. |
| LINBOX LIN:BOX allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash). |
| Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter. |
| Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to be inserted into a reply to a STAT command while a file is being transferred. |
| SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) 1 allows remote attackers to execute arbitrary SQL commands via the password parameter. |
| System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or x-sgi-exec type. |
| Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe. |
| mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via an HTTP request that contains a / (backslash) and arbitrary webscript before the requested file, which leaks the pathname and does not quote the script in the resulting Visual Basic error message. |
| Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via the PORT mode. |
| Buffer overflow in Elm 2.4 and earlier allows local users to gain privileges via a long TERM environmental variable. |
| MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information. |
| Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string. |
| Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute arbitrary code via a long URL property inside an object tag. |
| Mcafee FreeScan allows remote attackers to cause a denial of service and possibly arbitrary code via a long string in the ScanParam property of a COM object, which may trigger a buffer overflow. |
| Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file. |