| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value." |
| Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp. |
| Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp. |
| Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters. |
| Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter. |
| SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code. |
| PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc. |
| Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb. |
| Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663. |
| TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request. |
| misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges. |
| Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence. |
| Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to gain access via unknown vectors. |
| Multiple unspecified vulnerabilities in HP Storage Essentials Storage Resource Management (SRM) before 6.0.0 allow remote attackers to obtain unspecified access to a managed device via unknown attack vectors. |
| The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user. |
| The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script. |
| Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg. |
| admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action. |
| admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action. |
| The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content. |
