| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action. |
| The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417. |
| Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator. |
| IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections. |
| Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack. |
| Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands. |
| Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows remote attackers to execute arbitrary code via a large SMPROFILE cookie. |
| GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. |
| FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack. |
| Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands. |
| IRIX startmidi program allows local users to modify arbitrary files via a symlink attack. |
| Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash). |
| Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors. |
| WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers. |
| FreeBSD mount_union command allows local users to gain root privileges via a symlink attack. |
| The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack. |
| Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon. |
| The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges. |
| The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a URL that does not end in a space character. |
| The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates. |
