| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass authentication via a URL with a large Time parameter, non-empty rmtusername and rmtpassword parameter, and an accesslevel parameter that is lower than the access level of the requested page. |
| ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary messages accessing the delete.asp administrative script with certain cookie values set to "true". |
| The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF. |
| Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder. |
| The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account to use the mailbox of another account. |
| Cross-site scripting (XSS) vulnerability in the web-based message board in Prospero Technologies allows remote attackers to inject arbitrary web script or HTML via a message board post. |
| Unknown vulnerability in CGINews before 1.06 allow remote attackers to read arbitrary files via "unfiltered user input." |
| Buffer overflows in Sun libnsl allow root access. |
| PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults. |
| Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image. |
| Vacation program allows command execution by remote users through a sendmail command. |
| Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files. |
| File creation and deletion, and remote execution, in the BSD line printer daemon (lpd). |
| Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. |
| Buffer overflow in the POP3 server in Kinesphere Corporation eXchange before 5.0.060125 allows remote attackers to execute arbitrary code via a long RCPT TO argument. |
| SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to trigger. |
| Vtun 2.5b1 allows remote attackers to inject data into user sessions by sniffing and replaying packets. |
| Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root. |
| Buffer overflow in dtaction command gives root access. |
| Vtun 2.5b1 does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on ECB. |