| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows remote attackers to inject arbitrary web script or HTML via a query keyword. |
| Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages. |
| Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php. |
| The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack. |
| Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the icatcommand parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue." |
| Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a malformed Windows Metafile (WMF) file. |
| SQL injection vulnerability in the navigation module (navigationmodule) in Exponent CMS 0.96.3 and later versions allows remote attackers to execute arbitrary SQL commands via the parent parameter. |
| Kabsoftware Lydia utility uses weak encryption to store user passwords in the lydia.ini file, which allows local users to easily decrypt the passwords and gain privileges. |
| Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself. |
| Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges. |
| Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same invariant RSA key for all installations, which allows remote attackers with the key to decrypt communications. |
| Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges. |
| Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions. |
| Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges. |
| Multiple buffer overflows in IPUpdate 1.1 might allow attackers to execute arbitrary code via (1) memmcat in the memm module or (2) certain TSIG format records. |
| Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to obtain potentially sensitive information about messages. |
| Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system. |
| Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. |