| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Description, and (3) Comment fields to (a) links.php and (b) links_add.php. |
| A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. |
| SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_sess parameter. |
| Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field. |
| The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems. |
| WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors were also reported to affect WordPress 2.0.1. |
| The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root. |
| Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote attackers to cause a denial of service (kernel deadlock) by sending a SYN packet for a TCP stream, which requires an RST packet in response. |
| A remote attacker can disable the virus warning mechanism in Microsoft Excel 97. |
| Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll in Interaction SIP Proxy before 3.0.011 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a REGISTER request with a SPI version number that contains a large number of space or tab characters. |
| The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code. |
| PHP remote file include vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to execute arbitrary code via a URL in the PGV_BASE_DIRECTORY parameter. |
| The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages. |
| The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack. |
| The KDE klock program allows local users to unlock a session using malformed input. |
| Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow. |
| Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable. |
| Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL." |
| A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication. |
| KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories. |
