| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack. |
| Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting. |
| Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF). |
| BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to bypass authentication via (1) an unknown attack vector or (2) a NULL (0x00) as a username. |
| BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, relies on the client to enforce permissions and perform actions such as disconnections, which allows remote attackers to bypass administrative restrictions via a modified client. |
| Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variable. |
| login.php in PCXP/TOPPE CMS allows remote attackers to bypass authentication and gain privileges by modifying the cookie to match the target userid. |
| The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests. |
| Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. |
| Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message. |
| Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges. |
| Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources. |
| Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the cat parameter in index.php and (2) the note parameter in blog.php. |
| Buffer overflow in Solaris lpstat via class argument allows local users to gain root access. |
| Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. NOTE: it is not clear whether this problem can be exploited for code execution. If not, then perhaps the user-assisted nature of the attack should exclude the issue from inclusion in CVE. |
| Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read the log file. |
| BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty. |
| Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability." |
| Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string. |
| The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet. |
