| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer. |
| The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName variable to be null. |
| speechd 0.54 and earlier, with the Festival or rsynth speech synthesis package, allows attackers to execute arbitrary commands via shell metacharacters. |
| Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password. |
| Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries. |
| Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text." |
| Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak. |
| VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu. |
| glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters. |
| Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes. |
| Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command. |
| The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet that causes the dissector to access previously-freed memory. |
| Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request. |
| The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. |
| phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters. |
| Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. |
| phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. |
| Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earlier, as used by HP-UX Workload Manager (WLM), allows local users to gain root privileges via modified libraries or environment variables. |
| SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not. |
| Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters. |
