| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack. |
| TYPO3 before 4.4.1 allows XSS in the frontend search box. |
| babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files. |
| It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. |
| libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server. |
| paxtest handles temporary files insecurely |
| If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account. |
| The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. |
| Mumble: murmur-server has DoS due to malformed client query |
| Drupal versions 5.x and 6.x has open redirection |
| The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. |
| WebApp JSP Snoop page XSS in jetty though 6.1.21. |
| JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. |
| Dump Servlet information leak in jetty before 6.1.22. |
| burn allows file names to escape via mishandled quotation marks |
| python-docutils allows insecure usage of temporary files |
| asterisk allows calls on prohibited networks |
| liboping 1.3.2 allows users reading arbitrary files upon the local system. |
| gri before 2.12.18 generates temporary files in an insecure way. |
| clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. |
