| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print. |
| Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host". |
| Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors. |
| PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction log (pg_clog) data and cause a denial of service (data loss) via the VACUUM command. |
| SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges. |
| Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to execute arbitrary code via a long URL. |
| SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server. |
| The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords by reading the username and password from the Referrer URL. |
| Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. |
| Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter. |
| The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request. |
| X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie. |
| Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL. |
| user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable. |
| The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix of another group. |
| Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration. |
| Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user's buddy list and possibly obtain sensitive information. |
| Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field. |
| pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation. |
| Microsoft Windows XP Professional upgrade edition overwrites previously installed patches for Internet Explorer 6.0, leaving Internet Explorer unpatched. |
