| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. |
| The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. |
| Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete. |
| eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file. |
| eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks. |
| Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp. |
| Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests. |
| PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to execute arbitrary code via the lang_path parameter. |
| PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable. |
| Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php. |
| The ReadLog function in kaiseki.cgi in pngren allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. |
| Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication. |
| Backup Manager 0.5.8a creates an archive repository with world readable and writable permissions, which allows attackers to modify or read the repository. |
| apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords. |
| Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action. |
| Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication. |
| Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum. |
| High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. |