| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file. |
| Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes. |
| SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands files via the event parameter. |
| Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ. |
| Cross-site scripting (XSS) vulnerability in the control panel in aeDating 3.2 allows remote attackers to inject arbitrary web script or HTML. |
| Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and Kaspersky Personal Security Suite 1.1 allows remote attackers to execute arbitrary code via a CAB file with large records after the header. |
| Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header. |
| Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and Mini Remote Control 4.8 and earlier, allows local users to gain additional rights. |
| Directory traversal vulnerability in the readFile and writeFile API for Maxthon 1.2.0 and 1.2.1 allows remote attackers to read or write arbitrary files. |
| Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. |
| Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with "Use SmileyAdd Setting" enabled, allows remote attackers to execute arbitrary code. |
| Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the txtPassword value in the registry, which allows local users to gain privileges. |
| Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code. |
| Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog. |
| Unspecified vulnerability in the Mailbox Server for 4D WebStar before 5.3.5 allows attackers to cause a denial of service (crash) via IMAP clients on Mac OS X 10.4 Mail 2. |
| Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post. |
| Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through 4.1 does not prevent the security policy from being updated by unprivileged users, which allows local users to modify the policy by exporting the policy file, changing it, and importing it back into SSA. |
