| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file. |
| glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command. |
| Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack. |
| Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allow remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template. |
| Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." (period) characters. |
| get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program. |
| Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request. |
| An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5. |
| search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack. |
| procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr. |
| cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters. |
| CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack. |
| Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument. |
| IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. |
| Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word. |
| The SalesCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| Vignette StoryServer and Vignette V/5 do not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the "-->" string in a CookieName argument to the login template, referred to as a "memory leak" in some reports. |
| Super Mail Transfer Package (SMTP), later called MsgCore, has a memory leak which allows remote attackers to cause a denial of service by repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the same session. |
| Linux apcd program allows local attackers to modify arbitrary files via a symlink attack. |
| The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL. |