| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. |
| Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action. |
| Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands. |
| Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation. |
| phf CGI program allows remote command execution through shell metacharacters. |
| index.php in Lifetype 1.0.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which reveals the path in an error message. |
| Listening TCP ports are sequentially allocated, allowing spoofing attacks. |
| Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing. |
| PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password. |
| Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website Name, (6) Website Address, (7) Email Address, (8) Location, (9) Signature, and (10) Sub-Titles fields in the user profile. |
| Buffer overflow in wu-ftp from PASV command causes a core dump. |
| Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE. |
| Predictable TCP sequence numbers allow spoofing. |
| SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges. |
| Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) forumid, or (3) threadid parameter to index.php; the (4) ICQ, (5) AIM, (6) MSN, (7) Google Talk, (8) Website Name, (9) Website Address, (10) Email Address, (11) Location, (12) Signature, and (13) Sub-Titles fields in the user profile; or (14) flexbb_password field in a cookie. |
| wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files. |
| phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. |
| pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call. |
| linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack. |
| Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter. |
