| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in member.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to inject arbitrary web script or HTML via the reverse parameter in a list action. |
| Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter. |
| viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path in an error message when a file can not be opened. |
| Willings WebCam and WebCam Lite 2.8 and earlier stores the password in memory in plaintext, which allows local users to gain sensitive information. |
| The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room login or a room join request packet with a third : (colon) and an & (ampersand), which causes Messenger to send a corrupted packet to the server, which triggers a disconnect from the server. |
| Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook 1.0, 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message. |
| Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php. |
| Cross-site scripting (XSS) vulnerability in productsByCategory.asp in MetaCart e-Shop allows remote attackers to inject arbitrary web script or HTML via the strCatalog_NAME parameter. |
| Stack-based buffer overflow in the UnixAppOpenFilePerform function in Adobe Reader 5.0.9 and 5.0.10 for Unix allows remote attackers to execute arbitrary code via a PDF document with a long /Filespec tag. |
| Multiple buffer overflows in handlers.c for Pico Server (pServ) before 3.3 may allow attackers to execute arbitrary code. |
| Unknown vulnerability in Viewglob before 2.0.1, related to "a potential security issue with the Viewglob display and ssh X forwarding," has unknown impact. |
| SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter. |
| eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file. |
| eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks. |
| McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in reports-column-center.jsp, or (3) fullAccess parameter to SystemEvent.jsp. |
| Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys. |
| SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack. |
| SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-supplied portions of the array from being properly escaped. |
| Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502. |
| SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php. |