| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request. |
| cgitest.exe in Savant Web Server 3.1 and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request. |
| Cross-site scripting (XSS) vulnerability in ActiveXperts Software ActiveWebserver allows remote attackers to execute arbitrary web script via a link. |
| The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) addyoursite.php in phpLinkat 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the catid parameter. |
| Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ShopEngine allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php. |
| Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords. |
| search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability. |
| SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter. |
| Cross-site scripting (XSS) vulnerability in home/search.php in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the q parameter, as used by the Keyword and Search fields. |
| The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings. |
| list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter. |
| SQL injection vulnerability in the "user area" in RWS Statistics Counter before 2.4.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages. |
| Cross-site scripting (XSS) vulnerability in index.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to execute arbitrary web script or HTML via the module parameter. |
| Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating an forum article. |
| phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. |
| The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00). |
| profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to gain privileges by setting the mail parameter to 1, which is the value for an administrator. |