| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.11 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. |
| Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a long HELO command, which overwrites the adjacent localIP data buffer. |
| PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter. |
| cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script. |
| palmhttpd for PalmOS allows remote attackers to cause a denial of service (crash) by establishing two simultaneous HTTP connections, which exceeds the PalmOS accept queue. |
| Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a crafted RTF file. |
| Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others. |
| cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters. |
| Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows remote attackers to execute arbitrary code via a crafted FRM file. |
| Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text. |
| Buffer overflow in the get_attr function in html.c for vilistextum 2.6.6 allows remote attackers to execute arbitrary code via a crafted web page. |
| SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form. |
| Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. |
| SQL injection vulnerability in MaxWebPortal allows remote attackers to inject arbitrary SQL code and gain sensitive information via the SendTo parameter in Personal Messages. |
| Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allows local users to gain root access via unspecified vectors. |
| The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command. |
| SQL injection vulnerability in NatterChat 1.12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to post.asp, (4) the forum_title parameter to forum.asp, or (5) the id parameter to post.asp. |
| Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate. |
| Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors. |