| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header. |
| Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator. |
| The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter. |
| The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message. |
| SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter. |
| DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request. |
| Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) KSPR62F4D3. |
| Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN. |
| Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php. |
| Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHost before 3.10r1 has unknown impact and attack vectors. |
| Buffer overflow in aGSM Half-Life client allows remote Half-Life servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server response. |
| Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to "oversize submissions." |
| Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. |
| Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. |
| The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks. |
| The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks. |
| Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command. |
| SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter. |
| Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename. |
| Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable. |
