| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP remote file inclusion vulnerability in talkbox.php in Amr Talkbox allows remote attackers to execute arbitrary PHP code via a URL in the direct parameter. NOTE: this issue has been disputed by CVE, since the $direct variable is set to a static value just before the include statement |
| PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE disputes this claim, since the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statement |
| Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) go_info[isp][classes_root] parameter in (a) server.inc.php, and the (2) go_info[server][classes_root] parameter in (b) app.inc.php, (c) login.php, and (d) trylogin.php. NOTE: this issue has been disputed by the vendor, who states that the original researcher "reviewed the installation tarball that is not identical with the resulting system after installtion. The file, where the $go_info array is declared ... is created by the installer. |
| Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. |
| cfingerd lists all users on a system via search.**@target. |
| The jj CGI program allows command execution via shell metacharacters. |
| Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. |
| Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. |
| Solaris SUNWadmap can be exploited to obtain root access. |
| htmlscript CGI program allows remote read access to files. |
| The info2www CGI script allows remote file access or remote command execution. |
| Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. |
| A router or firewall allows source routed packets from arbitrary hosts. |
| Netscape Enterprise servers may list files through the PageServices query. |
| Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files. |
| Progressive Networks Real Video server (pnserver) can be crashed remotely. |
| Denial of service in Slmail v2.5 through the POP3 port. |
| Denial of service through Solaris 2.5.1 telnet by sending ^D characters. |
| Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made. |
| Denial of service in Windows NT DNS servers by flooding port 53 with too many characters. |