| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earlier versions, allows remote attackers to inject arbitrary web script or PHP via the location field. |
| setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to obtain sensitive information via a %00 (a null byte) in the u parameter, which reveals the path in an error message. |
| SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php. |
| libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to cause a denial of service (infinite loop) via a crafted FSG packed executable. |
| Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable. |
| The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory. |
| runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin. |
| Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_lib.c for chmlib before 0.36, as used in products such as KchmViewer, allows user-assisted attackers to execute arbitrary code via a CHM file containing a long element, a different vulnerability than CVE-2005-3318. |
| Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 allows local users to gain privileges via unspecified vectors. |
| Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file. |
| Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. |
| Stack-based buffer overflow in sendmail in XMail before 1.22 allows remote attackers to execute arbitrary code via a long -t command line option. |
| Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root. |
| Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges. |
| Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption. |
| Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1. |
| PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") characters. |
| SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML. |
| index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to obtain the full server path via an invalid VDNS_Sessid parameter. |
