| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using authorization, allows remote attackers to execute arbitrary code via a long username/password string. |
| Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL. |
| Multiple buffer overflows in the receiver function in loop.c in FlatFrag 0.3 and earlier allow remote attackers to execute arbitrary code via the (1) version, (2) name, and (3) model fields. |
| FlatFrag 0.3 and earlier allows remote attackers to cause a denial of service (crash) by sending an NT_CONN_OK command from a client that is not connected, which triggers a null dereference. |
| Battle Carry .005 and earlier allows remote attackers to cause a denial of service (inaccessible port) via a large packet, which triggers a socket error and terminates the socket that is listening on the server's UDP port. |
| Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment. |
| SQL injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to execute arbitrary SQL commands via the serviceid parameter. NOTE: on 20060210, the vendor disputed this issue, saying "this is 100% false reporting, this is a slander campaign from a customer who had a vulnerability in his SERVER not the software." However, followup investigation strongly suggests that the original report is correct |
| SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2.4 allows remote attackers to execute arbitrary SQL commands via the galid parameter. |
| Multiple SQL injection vulnerabilities in JPortal allow remote attackers to execute arbitrary SQL commands via (1) banner.php or the id parameter to (2) print.php, (3) comment.php, and (4) news.php. |
| Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files. |
| Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Topsites script allows remote attackers to inject arbitrary web script or HTML via the ID parameter. |
| Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Directory script allows remote attackers to inject arbitrary web script or HTML via the entryID parameter. |
| Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php. |
| SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter. |
| tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability. |
| SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page. |
| Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter. |
| Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field. |
| Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command. |
| Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters. |
