| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Multiple directory traversal vulnerabilities in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html. |
| userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack. |
| Firewall-1 does not properly restrict access to LDAP attributes. |
| Buffer overflow in rpc.yppasswdd allows a local user to gain privileges via MD5 hash generation. |
| ypserv allows a local user to modify the GECOS and login shells of other users. |
| Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable. |
| sccw allows local users to read arbitrary files. |
| Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter. |
| Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. |
| Buffer overflow in the FTP client in the Debian GNU/Linux netstd package. |
| WebTrends software stores account names and passwords in a file which does not have restricted access permissions. |
| A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections. |
| Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command. |
| An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file. |
| Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls. |
| UnityMail allows remote attackers to conduct a denial of service via a large number of MIME headers. |
| Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model. |
| Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remote attackers to conduct a denial of service via a large number of HTTP GET requests. |
| wwwboard allows a remote attacker to delete message board articles via a malformed argument. |
| attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request. |