| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. |
| In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. |
| NFS cache poisoning. |
| A race condition in the Solaris ps command allows an attacker to overwrite critical files. |
| Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known. |
| IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. |
| The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack. |
| Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet. |
| The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access. |
| admintool in Solaris allows a local user to write to arbitrary files and gain root access. |
| MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. |
| Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. |
| swinstall and swmodify commands in SD-UX package in HP-UX systems allow local users to create or overwrite arbitrary files to gain root access. |
| AIX bugfiler program allows local users to gain root access. |
| Local users can execute commands as other users, and read other users' files, through the filter command in the Elm elm-2.4 mail package using a symlink attack. |
| Buffer overflow in AIX dtterm program for the CDE. |
| Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser. |
| finger allows recursive searches by using a long string of @ symbols. |
| Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message. |
| Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names. |