| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument[] parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement. |
| Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is not included in the blacklist. |
| Unspecified vulnerability in Kismet before 2005-08-R1 allows remote attackers to have an unknown impact via unprintable characters in the SSID. |
| grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory. |
| index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the (1) min or (2) max parameter with a "'" (single quote), which reveals the path in an error message, possibly due to a SQL injection vulnerability. |
| Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the (1) max or (2) ctg parameter. |
| Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote attackers to bypass security checks, change the assigned role of a user, or disconnect users. |
| SQL injection vulnerability in login_admin_mediabox404.php in mediabox404 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the User field. |
| Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, and (3) email parameters. |
| Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter. |
| gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter. |
| Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors. |
| apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug. |
| Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 and earlier might allow remote NNTP servers to execute arbitrary code via a date with a long month. |
| Format string vulnerability in the ParseBannerAndCapability function in main.c for up-imapproxy 1.2.3 and 1.2.4 allows remote IMAP servers to execute arbitrary code via format string specifiers in a banner or capability line. |
| masqmail before 0.2.18 allows local users to overwrite arbitrary files via a symlink attack on a log file. |
| SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2.2 and 2.3.3 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) x or (2) y parameters. |
| Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php. |
| aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before 0.4.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the dictionary parameter (aka the lang variable). |
| nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter to a dig query. |