| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. NOTE: various reports indicate that the affected version is 1.1.3, but as of 2005-11-29, the most recent version appears to be 1.1.2. |
| named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used. |
| Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to cause a denial of service (crash) via (1) LIST, (2) TOP, or (3) UIDL commands using letters as arguments. |
| (1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands. |
| Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used when performing a search. |
| Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated by file[0]. |
| Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add request. |
| admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does not verify user credentials, which allows remote attackers to edit arbitrary posts via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag. |
| Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia backup product allows local users to obtain root access via a long HOME environmental variable. |
| .sbstart startup script in AcuShop Salesbuilder is world writable, which allows local users to gain privileges by appending commands to the file. |
| calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information. |
| RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the "MAIL FROM" command. |
| MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File. |
| Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2." |
| gFTP FTP client 1.13, and other versions before 2.0.0, records a password in plaintext in (1) the log window, or (2) in a log file. |
| Nachuatec D435 and D445 printer allows remote attackers to cause a denial of service via ICMP redirect storm. |
| FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes. |
| Buffer overflow in iParty server 1.2 and earlier allows remote attackers to cause a denial of service (crash) by connecting to default port 6004 and sending repeated extended characters. |
| Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information. |
