| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unknown vulnerability in Information Resource Manager (IRM) before 1.5.2.1 allows remote attackers to have "potentially serious" impact, related to LDAP logins. |
| The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic. |
| Directory traversal vulnerability in SD Server 4.0.70 and earlier allows remote attackers to read arbitrary files via .. sequences in an HTTP request. |
| Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue." |
| Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". |
| The daemon for fallback-reboot before 0.995 allows attackers to cause a denial of service (daemon exit), possibly related to verbose debug messages when the daemon is not on a tty. |
| misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter. |
| PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. |
| PHP remote file inclusion vulnerability in mail_autocheck.php in the Email This Entry add-on for pMachine Pro 2.4, and possibly other versions including pMachine Free, allows remote attackers to execute arbitrary PHP code by directly requesting mail_autocheck.php and modifying the pm_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2003-1086. |
| Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters. |
| Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before launching the Log Viewer export functionality, which allows local users to corrupt arbitrary files by saving log files. |
| The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote attackers to execute arbitrary commands via certain commands that generate thumbnails. |
| PeerFTP_5 stores sensitive information such as passwords in plaintext in the PeerFTP.ini files, which allows local users to gain privileges. |
| eXeem 0.21 stores sensitive information such as passwords in plaintext in the Exeem registry key, which allows local users to gain privileges via the proxy_user and proxy_password values. |
| ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than CVE-2005-0520. |
| ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arbitrary files via shortcut (.LNK) files in the SITE COPY command, a different vulnerability than CVE-2005-0519. |
| SendLink 1.5 stores sensitive information, possibly including passwords, in plaintext in the data.eat file, which allows local users to gain privileges. |
| Chat Anywhere 2.72a stores sensitive information such as passwords in plaintext in the .INI file for a chatroom, which allows local users to gain privileges. |
| Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header. |
| The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value. |
