| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, related to insecure open() calls. |
| Watchguard SOHO firewall before 5.0.35 allows remote attackers to cause a denial of service (crash and reboot) when SOHO forwards a packet with bad IP options. |
| EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters. |
| Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter. |
| PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. |
| Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title. |
| PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack. |
| The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS. |
| Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter. |
| phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. |
| Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 1580 or port 1581. |
| Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie. |
| mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron. |
| Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request. |
| Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration. |
| Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax. |
| Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords. |
| Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administrative console password in plaintext in the abyss.conf file, which allows local users with access to the file to gain privileges. |
| webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request. |
| Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration. |
