| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server. |
| The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file. |
| KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps. |
| Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server. |
| The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.php for ezContents 1.41 and earlier do not check credentials, which allows remote attackers to create or delete directories and upload files via a direct HTTP POST request. |
| Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned. |
| fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device. |
| Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links. |
| Vulnerability in the server for nPULSE before 0.53p4. |
| nlog CGI scripts do not properly filter shell metacharacters from the IP address argument, which could allow remote attackers to execute certain commands via (1) nlog-smb.pl or (2) rpc-nlog.pl. |
| Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges. |
| Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain names that are not fully qualified. |
| Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant for development and testing, which logs user names and passwords in cleartext in the test.log file. |
| Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set. |
| iHTML Merchant allows remote attackers to obtain sensitive information or execute commands via a code parsing error. |
| Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password. |
| admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the table_width parameter. |
| The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect. |
| iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Subject ("\t\t"). |