| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request. |
| Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain methods. |
| Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template. |
| SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to execute arbitrary SQL via an imported file. |
| Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files. |
| Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643. |
| phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. |
| SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows remote attackers to read arbitrary files via a "..\\" (dot dot backslash) in the urlget site command. |
| Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline Corporate Calendar allow remote attackers to execute arbitrary SQL commands via the Event_ID parameter to (1) defer.asp or (2) details.asp. |
| ArticleLive 2005 allows remote attackers to gain privileges by modifying the (1) auth and (2) userId fields in a cookie. |
| Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 2005 allow remote attackers to inject arbitrary web script or HTML via the (1) Query, (2) Username, (3) LastName, (4) Biography, or (5) BlogId parameter. |
| Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a "\.." (backward slash dot dot) with a leading '"' (double quote) in the GET command. |
| Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive information via a GET request for a file that does not exist, which reveals the absolute path of the FTP server in the resulting FTP error message. |
| The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event. |
| Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction.html, (3) the Signature field to settings.html, or (4) the Shared calendars to calendarsettings.html. |
| Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html, (2) calendar_event.html, or (3) calendar_task.html. |
| Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter to attachment.html. |
| Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to (1) move their home directory via viewaction.html or (2) move arbitrary files via the importfile parameter to importaction.html. |
| Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer Threads Links SQL 2.x and 3.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. |
