| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002. |
| admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action. |
| Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script. |
| Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for ".." sequences. |
| STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt. |
| Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted MPA file. |
| The Bluetooth stack in the Sony Ericsson T60 does not properly implement "Limited discoverable" mode, which allows remote attackers to obtain unauthorized inquiry responses. |
| P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat. |
| FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat. |
| Directory traversal vulnerability in Widcomm Bluetooth for Windows (BTW) 3.0.1.905 allows remote attackers to conduct unauthorized file operations via a .. (dot dot) in an unspecified parameter. |
| Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an "implementation bug." |
| Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. |
| Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. |
| Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. |
| Unspecified vulnerability in the Broadcom Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. |
| Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900. |
| Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors. |
| SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter. |
| ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources. |
| Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input." |
