| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls. |
| PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message. |
| Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page. |
| Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers. |
| Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL. |
| Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.x allows remote attackers to inject arbitrary web script or HTML via the text parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. |
| Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR. |
| Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to execute arbitrary code via a long invite request. |
| NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information. |
| The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN. |
| Backup Manager 0.5.8a creates an archive repository with world readable and writable permissions, which allows attackers to modify or read the repository. |
| Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window. |
| AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP request. |
| Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote attackers to inject arbitrary web script or HTML via tasklists. |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888. |
| Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly via the "keys" parameter. |
| Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the hashed administrative password in a config.txt file under the htdocs directory, which allows remote attackers to obtain the administrative password. |
| Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) sch_allsubct, (2) before, and (3) ct parameters. |
| dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file. |