| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to cause a denial of service by sending a large user name to the user dialog running on port 8002. |
| Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length. |
| Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet. |
| PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a remote web server that contains phpshop.cfg. |
| userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. |
| SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter. |
| CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack. |
| RSA ACE/Server allows remote attackers to cause a denial of service by flooding the server's authentication request port with UDP packets, which causes the server to crash. |
| Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to read arbitrary files via the filename parameter. |
| Buffer overflow in restore program 0.4b17 and earlier in dump package allows local users to execute arbitrary commands via a long tape name. |
| The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH. |
| Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible. |
| snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information. |
| Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access. |
| Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities. |
| automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded. |
| Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information. |
| gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file. |
| SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port 25. |
| The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges. |
