| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot). |
| Unknown vulnerability in the delete.asp program in certain versions of ASPjar Guestbook allows remote attackers to delete messages. NOTE: there is insufficient information to know if this is the same issue as CVE-2002-1730. |
| Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in (1) loan.php and (2) mortgage.php. |
| Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL. |
| SWS web server 0.0.4, 0.0.3 and 0.1.0 allows remote attackers to cause a denial of service (crash) via a URL request that does not end with a newline. |
| Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the currency parameter in (1) loan.php and (2) mortgage.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0. |
| Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request. |
| Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) 1.33 beta 7 allows remote attackers to inject arbitrary web script or HTML via the URL, which is inserted into an error page. |
| Direct connect text client (DCTC) client 0.83.3 allows remote attackers to cause a denial of service (crash) via a string ending with a NULL byte character. |
| Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter. |
| Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variable. |
| parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters. |
| Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the _zb_path parameter to (1) _head.php or (2) outlogin.php, or the dir parameter to (3) write.php. |
| Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable. |
| Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name. |
| The helper scripts for crip 3.5 do not properly use temporary files, which allows local users to have an unknown impact with unknown attack vectors. |
| Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page. |
| Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors. |
| Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers. |