| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attackers to execute arbitrary code via a URL that contains shell metacharacters. |
| Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window. |
| D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments. |
| Multiple unspecified vulnerabilities in Oracle Database Server 8i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB09 in Export, (2) DB11 in Materialized Views, and (3) DB16 in Security Service. |
| Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file. |
| Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter. |
| Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. (dot dot) in the server request. |
| BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request. |
| Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. |
| Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. |
| The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers. |
| Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code. |
| GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix. |
| AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack. |
| Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to execute arbitrary code via a long URL. |
| Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh. |
| GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get". |
| Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file. |
| Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm. |
| Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands. |
