| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice. |
| Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with "Use SmileyAdd Setting" enabled, allows remote attackers to execute arbitrary code. |
| Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry. |
| config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie. |
| FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. |
| Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| GetDataBack for NTFS 2.31 stores the username and license key in plaintext in the Name value in the License registry key, which may allow local users to obtain sensitive information. |
| Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code. |
| Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog 1.1f and 1.2a allows remote attackers to inject arbitrary web script or HTML via the threadID parameter. |
| eStara SIP softphone allows remote attackers to cause a denial of service (crash) via a SIP OPTIONS request with a negative Expires field. |
| Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post. |
| Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php. |
| Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in the Content-Disposition header. |
| PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow. |
| McAfee Internet Security Suite 2005 uses insecure default ACLs for installed files, which allows local users to gain privileges or disable protection by modifying certain files. |
| Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine. |
| The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects. |
| yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files. |
| Multiple format string vulnerabilities in eStara SIP softphone allow remote attackers to cause a denial of service (hang) via SIP INVITE requests with format string specifiers in the SDP session description, as demonstrated using (1) the field name, (2) the o field (owner/creator and session identifier), or (3) the m field (media name and transport address). |
| Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but "critical" impact. |
