111.5K CVEs classified as high severity
Vulnerability in the server for nPULSE before 0.53p4.
Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.
Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned.
Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan...
Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly remote attackers to gain privileges by specifying an alternate library file in the L (localization) parameter.
Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly in...
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks ag...
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arg...
Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index fi...
Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit ...
Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter.
TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot d...
ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter.
CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges.
Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.
Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.
Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a ...
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are r...
Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly hand...
Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER value...
Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demo...