| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter. |
| ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag. |
| Powersave daemon before 0.10.15.2 allows local users to gain privileges (unauthorized access to an X session) via unspecified vectors. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. |
| Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file. |
| Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file. |
| Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code. |
| Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in J2SE 5.0 Update 5 and earlier, allows remote attackers to obtain privileges via unspecified vectors involving untrusted applications. |
| Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences. |
| Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash). |
| Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue." |
| Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows local users with DRI privileges to execute arbitrary code as root. |
| Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues." |
| Buffer overflow in the administration web server for GoodTech Telnet Server 4.0 and 5.0, and possibly all versions before 5.0.7, allows remote attackers to execute arbitrary code via a long string to port 2380. |
| Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue." |
| Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets. |
| Format string vulnerability in DataRescue Interactive Disassembler and Debugger (IDA) Pro 4.7.0.830 allows remote attackers or local users to cause a denial of service (CPU consumption or application crash) and possibly execute arbitrary code via format string specifiers in a dynamic link library (DLL) name. |
| VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106. |
| Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues." |
| Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. (dot dot) in the vote_filename parameter, which bypasses the check by HolaCMS to ensure that the file is in the holaDB/votes directory. |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct. |