| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request. |
| File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks. |
| Directory traversal vulnerability in index.php in FsPHPGallery before 1.2 allows remote attackers to list arbitrary directories via the dir parameter. |
| FsPHPGallery before 1.2 allows remote attackers to cause a denial of service via an image with a large size attribute, which causes a crash when the server attempts to resize the image. |
| mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action. |
| Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php. |
| Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that contains MS-DOS device names such as com1. |
| jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute arbitrary commands via shell metacharacters in the mail parameter. |
| Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected. |
| Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions. |
| The getemails function in C.J. Steele Tattle allows remote attackers to execute arbitrary commands via shell metacharacters in certain log entries, as demonstrated using shell metacharacters in an FTP username. |
| SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter. |
| Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges. |
| Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges. |
| Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php. |
| Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket. |
| Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message. |
| Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files. |
| PHP remote file inclusion vulnerability in utilit.php for Ovidentia Portal allows remote attackers to execute arbitrary PHP code via the babInstallPath parameter. |
| Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element. |
