| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php. |
| Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number. |
| The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext. |
| SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via the perm parameter. |
| Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL. |
| Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module. |
| SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message. |
| PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie. |
| The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files. |
| commands.c in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SMTP command without a space character, which causes an array to be referenced with a negative index. |
| Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO commands. |
| DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function. |
| Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500. |
| ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password. |
| Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet. |
| The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command. |
| Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands. |
| PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter. |
| SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter. |
