| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information. |
| The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm. |
| ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the Protection Method; (3) edituser.php, which permits adding upload capabilities to user accounts; (4) settings.php, which permits changing the admin information; and (5) index.php, which permits uploading of arbitrary files. |
| Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) start parameters to (a) viewfeedback.php or the (3) orderType parameter to (b) categories.php. |
| Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter. |
| Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body. |
| Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session. |
| Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a denial of service by sending crafted LDAP packets to port 389/TCP, as demonstrated by the ProtoVer LDAP testsuite. |
| Cross-site scripting (XSS) vulnerability in default.php in Clever Copy 3.0 allows remote attackers to inject arbitrary web script or HTML via the Subject field when sending private messages (privatemessages.php). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection. |
| NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension. |
| Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL. |
| User32.DLL in Microsoft Windows 98SE, and possibly other operating systems, allows local and remote attackers to cause a denial of service (crash) via an icon (.ico) bitmap file with large width and height values. |
| Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension. |
| The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user's umask, which could allow local users to read PDF documents of that user if the umask allows it. |
| Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly." |
| view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message. |
| The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 does not enforce access control, which allows remote attackers to gain access to servers via the console. |
| Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment. |
| FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message. |
