| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Untrusted search path vulnerability in the crttrap command in QNX Neutrino RTOS 6.2.1 allows local users to load arbitrary libraries via a LD_LIBRARY_PATH environment variable that references a malicious library. |
| Heap-based buffer overflow in the demo version of Bakbone Netvault, and possibly other versions, allows remote attackers to execute arbitrary commands via a large packet to port 20031. |
| SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary SQL commands via the entry parameter. |
| Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. |
| Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow. |
| Buffer overflow in the PE parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted PE file. |
| Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page. |
| Gamespy cd-key validation system allows remote attackers to cause a denial of service (cd-key already in use) by capturing and replaying a cd-key authorization session. |
| SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and 1.62 allows remote attackers to execute arbitrary SQL commands via the sort_by parameter. |
| Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history. |
| SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter. |
| Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files. |
| Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic scripts. |
| ShowOff! 1.5.4 allows remote attackers to cause a denial of service (server crash) via a malformed request to port 8083. |
| SQL injection vulnerability in admin_login.asp for ASP Virtual News Manager allows remote attackers to execute arbitrary SQL commands via the password parameter. |
| The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160. |
| APG Technology ClassMaster does not properly restrict access to sensitive folders, which allows remote attackers to access folders via a network share. |
| 1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php. |
| Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files. |