| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to index.php. |
| HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet. |
| Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability." |
| Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php. |
| Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability. |
| SQL injection vulnerability in bolum.php in tekno.Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters. |
| Buffer overflows in Sierra Half-Life build 1573 and earlier allow remote attackers to execute arbitrary code via (1) a long map command, (2) a long exec command, or (3) long input in a configuration file. |
| Format string vulnerability in Sierra Half-Life build 1573 and earlier allows a remote attacker to execute arbitrary code via the map command. |
| Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of service via HTTP URL requests containing a large number of % characters. |
| Directory traversal vulnerability in BearShare 2.2.2 and earlier allows a remote attacker to read certain files via a URL containing a series of . characters, a variation of the .. (dot dot) attack. |
| Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information. |
| Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allows a remote attacker SNMP read and write access via a default, undocumented community string 'ILMI'. |
| Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands. |
| Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code by sending a long message to the server. |
| Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command. |
| Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information. |
| IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL. |
| PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 allows remote attackers to include arbitrary files via the go parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Unspecified vulnerability in the Port Discovery Standard and Advanced features in Hitachi JP1/NetInsight II allows attackers to stop the Port Discovery service via unknown vectors involving "invalid format data". |