| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method. |
| Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler. |
| MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area. |
| Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
| SQL injection vulnerability in index.php in Vegadns 0.99 allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter. |
| Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session. |
| Directory traversal vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to read arbitrary files via the $className variable. |
| A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption. |
| Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails. |
| Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter. |
| NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of service (memory exhaustion) by using the sysctl system call to lock a large buffer into physical memory. |
| PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php. |
| SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) authusername and possibly the (2) authpassword cookie. |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment parameter. |
| Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter. |
| SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call. |
| Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions. |
| xFlow 5.46.11 and earlier allows remote attackers to determine the installation path of the application via the (1) action parameter to members_only/index.cgi and (2) page parameter customer_area/index.cgi, probably due to invalid values. |
