| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 and earlier allows remote attackers to inject arbitrary HTML headers via adclick.php and possibly other unspecified vectors. |
| SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter. |
| Vulnerability in telnet service in HP-UX 10.30 allows attackers to cause a denial of service. |
| Multiple cross-site scripting (XSS) vulnerabilities in Yet Another Forum.net 0.9.9 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, or (3) Subject field. |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to inject arbitrary web script or HTML via (1) the Err parameter in admin/index.php and the (2) firstname and (3) lastname parameters in index.php. |
| SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources. |
| Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local users to gain privileges. |
| Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227. |
| Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument. |
| WebRamp M3 router does not disable remote telnet or HTTP access to itself, even when access has been explicitly disabled. |
| Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices. |
| Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users. |
| Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is not clear from the original report whether administrator privileges are required. If not, then this does not cross privilege boundaries and is not a vulnerability. |
| Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, allows remote attackers to access user bin. |
| unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file. |
| phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path. |
| membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts. |
| Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header. |
| SQL injection vulnerability in ChatPat 1.0 allows remote attackers to execute arbitrary SQL commands via the nickname field. |
| cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
