| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post. |
| GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory. |
| Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023. |
| oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable. |
| Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file. |
| Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork. |
| Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
| Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request. |
| ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack. |
| qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system. |
| libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior. |
| Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters. |
| Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements. |
| Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges. |
| diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program. |
| Directory traversal vulnerability in Livingston/Lucent RADIUS before 2.1.va.1 may allow attackers to read arbitrary files via a .. (dot dot) attack. |
| Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message. |
| XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack. |
| The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device. |