| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Hawking Technologies HAR11A modem/router allows remote attackers to obtain sensitive information by connecting to port 254, which displays a management interface and information on established connections. |
| Buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long (1) EHLO and possibly (2) HELO command. |
| Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension. |
| Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST. |
| WFTPD Pro Server 3.21 allows remote authenticated users to cause a denial of service (crash) via a series of long MLIST commands. |
| WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence. |
| Xedus 1.0 allows remote attackers to cause a denial of service (refuse connections) by connecting multiple times from the same IP address. |
| Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x. |
| Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
| Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable. |
| Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter. |
| PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via the cutepath parameter to (1) show_archives.php or (2) show_news.php. |
| MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1." |
| YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message. |
| Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts." |
| Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 allows remote attackers to inject arbitrary web script or HTML via the no parameter. |
| Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character. |
| Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote attackers to cause a denial of service (server crash) via a long client response. |
| Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQL commands via the (1) pageid, (2) subid, or (3) catid parameters. |
| Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html. |
