| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in kategorihaberx.asp. |
| Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation. |
| ZAK in Appstation mode allows users to bypass the "Run only allowed apps" policy by starting Explorer from Office 97 applications (such as Word), installing software into the TEMP directory, and changing the name to that for an allowed application, such as Winword.exe. |
| Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (client exit) by forcing the server to change to a map (ogz) file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension. |
| The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. |
| Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. |
| fsdump command in IRIX allows local users to obtain root access by modifying sensitive files. |
| MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. |
| Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port. |
| AIX routed allows remote users to modify sensitive files. |
| AIX nslookup command allows local users to obtain root access by not dropping privileges correctly. |
| Windows NT 4.0 beta allows users to read and delete shares. |
| Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon. |
| Denial of service in RAS/PPTP on NT systems. |
| The DG/UX finger daemon allows remote command execution through shell metacharacters. |
| FormMail CGI program allows remote execution of commands. |
| finger 0@host on some systems may print information on some user accounts. |
| Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag. |
| Buffer overflow in canuum program for Canna input system allows local users to gain root privileges. |
| Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories. |