| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue. |
| iOpus Secure Email Attachments (SEA), probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substring. |
| Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 Beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the navpath parameter. |
| Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors. |
| PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| Sendmail 8.6.9 allows remote attackers to execute root commands, using ident. |
| Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models. |
| Denial of service in Sendmail 8.6.11 and 8.6.12. |
| MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. |
| Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm. |
| Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command. |
| rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. |
| The SunView (SunTools) selection_svc facility allows remote users to read files. |
| Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. |
| Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. |
| libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind. |
| Denial of service in Windows NT messenger service through a long username. |
| Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size. |
| Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service. |
| Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. NOTE: the behavior for the category, keywords, and ProdID parameters might be resultant from SQL injection. |
