| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc. |
| An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information. |
| Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability." |
| An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. |
| The rstat/rstatd service is running. |
| Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows local users to execute arbitrary code as group bin via a long command line argument. |
| A component service related to NIS+ is running. |
| Multiple SQL injection vulnerabilities in index.php in PHP Arena paCheckBook 1.1 allow remote attackers to execute arbitrary SQL commands via (1) the transtype parameter in an add action or (2) entry parameter in an edit action. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD. |
| SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execute arbitrary SQL commands via the page parameter. |
| The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords. |
| Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument. |
| The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls. |
| Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type. |
| The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory. |
| Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices. |
| Directory traversal vulnerability in Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to read arbitrary files via a specially crafted URL which includes variations of a '..' (dot dot) attack such as '...' or '....'. |
| Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 allows local users with solaris.cluster.gui authorization to view arbitrary files via unspecified vectors. |
| Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows remote attackers to execute arbitrary code via unknown vectors involving "parsed PHP." |
| Directory traversal vulnerability in KGB Archiver before 1.1.5.22 allows remote attackers to overwrite arbitrary files wile decompressing an archive, possibly due to directory traversal sequences in a filename. |
