| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request. |
| Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak. |
| Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template. |
| Vignette StoryServer and Vignette V/5 allows remote attackers to obtain sensitive information via a request for the /vgn/style template. |
| Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension. |
| Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. |
| PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter. |
| The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference. |
| Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication. |
| The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number of outstanding connections to the local host, which allows remote attackers to create a denial of service (memory consumption) via a large number of connections. |
| Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option. |
| Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist. |
| Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long (1) -f or (2) -o command line argument. |
| Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names. |
| telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service (free of an invalid pointer), a different vulnerability than CVE-2001-0554. |
| Multiple buffer overflows in handlers.c for Pico Server (pServ) before 3.3 may allow attackers to execute arbitrary code. |
| Unknown vulnerability in Attachment Mod before 2.3.13, related to a "serious issue with realnames," has unknown impact and attack vectors. |
| SQL injection vulnerability in process.php in 1-2-3 music store allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter. |
| ftp on HP-UX 11.00 allows local users to gain privileges. |
| MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain privileges through SAM. |