| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions. |
| SQL injection vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) website, (4) comments, (5) rate, and (6) private parameters. |
| Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response. |
| Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU 20.16, 20.18, and possibly other versions before 20.19, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code in Internet Information Server (IIS) via a certain URL through SSL. |
| SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to execute arbitrary SQL commands via the toid parameter. |
| Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option. |
| FLV Players 8 allows remote attackers to obtain sensitive information via (1) a direct request to paginate.php or (2) an invalid p parameter to player.php, which reveal the path in an error message. |
| Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords. |
| Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter. |
| SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter. |
| Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument. |
| Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 allows remote attackers to execute arbitrary code via a long URL (PATH_INFO value). |
| Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability." |
| Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name. |
| Multiple buffer overflows in ecartis before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code. |
| Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php. |
| wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted (1) Works, (2) Excel, and (3) Lotus 1-2-3 files. |
| Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 allows remote attackers to cause a denial of service (process death) via unknown attack vectors. |
| Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted Excel files. |
| Buffer overflow in marbles 1.0.2 and earlier allows local users to gain privileges via a long HOME environment variable. |