| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request. |
| PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions. |
| WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML. |
| The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names. |
| A component service related to NIS+ is running. |
| MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013. |
| Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, related to insecure open() calls. |
| An SNMP community name is guessable. |
| A system-critical NETBIOS/SMB share has inappropriate access control. |
| Windows NT automatically logs in an administrator upon rebooting. |
| prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement. |
| Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector. |
| Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
| PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
| Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration. |
| A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. |
| Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript URI in an img BBCode tag, or a JavaScript event in a (2) url BBCode tag or (3) color BBCode tag. |
| A WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data. |
| Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 1580 or port 1581. |
| A filter in a router or firewall allows unusual fragmented packets. |
