| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. |
| master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, stating 'this package does not have " possibility of attack with the help of symlinks"' |
| Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote attackers to read or modify arbitrary files outside the TFTP root via unspecified vectors. |
| Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI. |
| Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) app parameter to apps/apps.php and the (2) wsk parameter to wsk/wsk.php. |
| PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests |
| Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default password for the "rdc123" account, which makes it easier for remote attackers to obtain access. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
| PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pagina parameter. |
| SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to execute arbitrary SQL commands via the department_id parameter to index.php. |
| Cross-site scripting (XSS) vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to inject arbitrary web script or HTML via the department_id parameter to index.php. |
| SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows remote attackers to execute arbitrary SQL commands via the category parameter. |
| PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. |
| Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. |
| SQL injection vulnerability in forum.php in EsForum 3.0 allows remote attackers to execute arbitrary SQL commands via the idsalon parameter. |
| Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 Allopass (com_mp3_allopass) 1.0 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter to (1) allopass.php and (2) allopass-error.php. |
| Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header. |
| Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header. |
| awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714. |
