| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks. |
| Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command. |
| Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename. |
| SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter. |
| Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions. |
| vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant. |
| SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie. |
| efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error. |
| Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via the album name. |
| SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter. |
| PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php. |
| Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code. |
| Buffer overflow in the sockFinger_DataArrival function in efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a long finger command. |
| Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php. |
| F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which allows viruses such as Sober.D and Sober.G to bypass initial detection. |
| Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHost before 3.10r1 has unknown impact and attack vectors. |
| Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN. |
| Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) KSPR62F4D3. |
| DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request. |
| Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache. |
