| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter. |
| Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval function. |
| Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL. |
| FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php. |
| The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character. |
| xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as _SERVER[REMOTE_ADDR]. |
| SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arbitrary SQL commands via certain values that are inserted into the $in variable. |
| CaLogic 1.22, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) doclsqlres.php, (2) clmcpreload.php, (3) viewhistlog.php, (4) mcconfig.php, (5) doclsqlbak.php, (6) defcalsel.php, or (7) cl_minical.php, which reveals the path in an error message. |
| A buffer overflow in reggo.dll file used by Trend Micro InterScan VirusWall prior to 3.51 build 1349 for Windows NT 3.5 and InterScan WebManager 1.2 allows a local attacker to execute arbitrary code. |
| Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial of service by repeatedly issuing an invalid CD or CWD ("CD . .") command. |
| Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete license keys and prevent keepup2date from properly executing. |
| Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented web server running on TCP port 5678, which allows local users to gain access. |
| The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access. |
| Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote attackers to cause a denial of service (active TCP connections state table consumption) via a large number of connections, such as a port scan. |
| Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web administration password in cleartext in the backup configuration file, which allows local users to obtain sensitive information. |
| SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards 2.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter. |
| Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| Parlano MindAlign 5.0 and later versions allows remote attackers to list valid users via unknown vectors, aka the "User Enumeration" vulnerability. |
| Unknown vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to bypass authentication via unknown vectors. |
| Parlano MindAlign 5.0 and later versions uses weak encryption, with unknown impact and attack vectors. |
