| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter in a register action. |
| Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request. |
| MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows remote attackers to execute arbitrary SQL commands via the categ parameter in a links action to index.php, a different vector than CVE-2008-1122. |
| The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets. |
| SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. |
| Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI. |
| Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI. |
| Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string. |
| buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters. |
| SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. |
| Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt. |
| The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables. |
| SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the lid parameter in an ImprAnn action. |
| Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header. |
| Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function. |
| Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability." |
| Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability." |
| Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946. |
| Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic. |
