| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. |
| Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames. |
| Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors. |
| Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications. |
| SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. |
| SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers to execute arbitrary SQL commands via the dir parameter to pictures.php. |
| SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 allows remote attackers to execute arbitrary SQL commands via the author parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other fields in unspecified scripts. |
| Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field. |
| Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter. |
| Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root |
| Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download Tracker 1.06 allows remote attackers to inject arbitrary web script or HTML via the ID parameter. |
| Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula Anyboard 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tK parameter in a find command. |
| Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 and 520 and (2) Allied Data Technologies CopperJet 811 RouterPlus, allows remote attackers to access privileged information, such as user lists and configuration settings, via direct HTTP requests. |
| Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162. |
| SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters. |
| Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) month or (2) year parameter to index.php. |
| Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program. |
| Directory traversal vulnerability in index.php in Daverave Simplog 1.0.2 and earlier allows remote attackers to include or read arbitrary .txt files via the (1) act and (2) blogid parameters. |
| Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers to cause a denial of service (application crash or hang) via a long argument to the connect command. |
