| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors. |
| SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the ttt_admin parameter. |
| PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter. |
| kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ownership of files, which could allow local users to execute arbitrary programs. |
| When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password. |
| Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via the message text. |
| SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the (1) FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form. |
| Ansel 1.2 through 2.0 uses insecure default permissions, which allows remote attackers to gain access to web readable directories. |
| Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. |
| Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allows local users to gain root access via unspecified vectors. |
| SQL injection vulnerability in NatterChat 1.12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. |
| SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allows remote attackers to execute arbitrary SQL commands via the forum_id parameter. |
| Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request. |
| Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters. |
| RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges. |
| The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability. |
| SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter. |
| F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-protected files in a ZIP file, which allows remote attackers to bypass anti-virus protection. |