| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the txtPassword value in the registry, which allows local users to gain privileges. |
| Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code. |
| Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog. |
| Unspecified vulnerability in the Mailbox Server for 4D WebStar before 5.3.5 allows attackers to cause a denial of service (crash) via IMAP clients on Mac OS X 10.4 Mail 2. |
| Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post. |
| Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through 4.1 does not prevent the security policy from being updated by unprivileged users, which allows local users to modify the policy by exporting the policy file, changing it, and importing it back into SSA. |
| httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to cause a denial of service via long HTTP headers. |
| Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name fields. |
| Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in the Content-Disposition header. |
| PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow. |
| httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to cause a denial of service (resource consumption) by connecting to sblim-sfcb but not sending any data. |
| McAfee Internet Security Suite 2005 uses insecure default ACLs for installed files, which allows local users to gain privileges or disable protection by modifying certain files. |
| StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files. |
| The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption. |
| IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine. |
| StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information. |
| PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code. |
| The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory. |
| The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. |
