| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. |
| Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker. |
| Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks. |
| Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote attackers to execute arbitrary code via a crafted .wav file. |
| The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications. |
| Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 allows remote attackers to list filesystem contents and obtain sensitive information via unknown vectors. |
| Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors. |
| Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors. |
| Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion and failed updates) via unknown vectors that causes consumption of all available sessions. |
| Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges. |
| Stack-based buffer overflow in AtomixMP3 allows remote attackers to execute arbitrary code via a long filename in an MP3 file, a different vector than CVE-2006-6287. |
| Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators." |
| Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and other versions before update 500062 (5.00.062), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request for a WSDL file that causes a negative length to be used in a strncpy call. |
| Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed. |
| PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. |
| BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file. |
| Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic." |
| cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path." |
| Cross-site scripting (XSS) vulnerability in the search feature in XMLPortal 3.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
| Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to obtain the real IP address of users via unknown vectors. |
