111.5K CVEs classified as high severity
Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive.
PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary code via a URL in the (1) FORUM[LIB] para...
Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via words that are longer than the input ...
Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service ...
Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial of service (crash or hang of server components that are automatically restarted) via a long crafted s...
Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 allow remote attackers to execute arbitrary SQL commands via the (1) sql parameter in browse.php and the (2) sid, (3) lid, (4) gid, a...
Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0.10.13 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
Electric Sheep 2.6.3 does not require authentication or integrity checks from the server to the client, which allows remote attackers to download and display arbitrary MPEG movie files via (1) DNS spo...
Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to exe...
PHP remote file include vulnerability in plog-admin-functions.php in Plogger Beta 2 allows remote attackers to execute arbitrary code via a URL in the config[basedir] parameter.
Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) GroupsId and (2) ItemsId parameters in admin.php. NOTE: the proven...
The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service ...
Stack-based buffer overflow in index.fts in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allows remote attackers to execute arbitrary code via a long tzo...
Multiple format string vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allow remote attackers to execute arbitrary code via format string...
Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via crafted IKE packets, as de...
Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string ...
SQL injection vulnerability in main.php in Enterprise Heart Enterprise Connector 1.0.2 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the loginid paramet...
The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC ...
PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote att...
Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum...
Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long APPE command. NOTE: the provenance of this information is unknown; the details are obtained solel...
The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecurely, which allows local users to gain privileges.
SQL injection vulnerability in the "user area" in RWS Statistics Counter before 2.4.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability.