| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts. |
| The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information. |
| Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges. |
| Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter. |
| MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page. |
| Red Hat Linux 6.0 installs the /dev/pts file system with insecure modes, which allows local users to write to other tty devices. |
| Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges. |
| NetStructure 7110 and 7180 have undocumented accounts (servnow, root, and wizard) whose passwords are easily guessable from the NetStructure's MAC address, which could allow remote attackers to gain root access. |
| Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. |
| SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter. |
| Buffer overflow in CProxy 3.3 allows remote users to cause a denial of service via a long HTTP request. |
| The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords. |
| The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability. |
| BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords. |
| Buffer overflow in L0pht AntiSniff allows remote attackers to execute arbitrary commands via a malformed DNS response packet. |
| Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability. |
| SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo. |
| Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument. |
| Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option. |
| Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate. |