| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable. |
| efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error. |
| Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab. |
| vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant. |
| Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions. |
| UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact. |
| SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter. |
| Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via the album name. |
| PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php. |
| Stack-based buffer overflow in pads.c in Passive Asset Detection System (Pads) might allow local users to execute arbitrary code via a long report file name argument. NOTE: since Pads is not normally installed setuid, this may not be a vulnerability. |
| Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code. |
| Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. |
| Buffer overflow in the sockFinger_DataArrival function in efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a long finger command. |
| DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request. |
| Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI. |
| i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter. |
| F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which allows viruses such as Sober.D and Sober.G to bypass initial detection. |
| Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHost before 3.10r1 has unknown impact and attack vectors. |
| Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php. |
| Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN. |
