| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to determine the full pathname of the server via a request for an invalid page, as demonstrated using "%20" (hex-encoded space). |
| SQL injection vulnerability in the admin login panel for Ocean12 Mailing List Manager 1.06 allows remote attackers to execute arbitrary SQL commands via the Admin_id parameter. |
| SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. |
| Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter. |
| PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to execute arbitrary PHP code via the p parameter. |
| Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact. |
| Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact. |
| Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (abort). |
| Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (memory exhaustion) via unknown vectors. |
| Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, (4) KINK, (5) MGCP, (6) RPC, (7) SMBMailslot, and (8) SMB NETLOGON dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) via unknown vectors that lead to a null dereference. |
| Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 allows remote attackers to cause the dissector to access an invalid pointer. |
| Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data. |
| SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical access to bypass the locked screensaver and launch background applications by opening a URL from a text input field. |
| ArticleLive 2005 allows remote attackers to gain privileges by modifying the (1) auth and (2) userId fields in a cookie. |
| Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter to attachment.html. |
| delcomment.php in myBloggie 2.1.1 allows remote attackers to delete arbitrary comments by modifying the comment_id parameter. |
| SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary SQL commands via the entry parameter. |
| Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call. |
| Untrusted search path vulnerability in the crttrap command in QNX Neutrino RTOS 6.2.1 allows local users to load arbitrary libraries via a LD_LIBRARY_PATH environment variable that references a malicious library. |
