| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code. |
| Directory traversal vulnerability in Meteor FTP 1.0 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the ls/LIST command, or (2) a ... in the cd/CWD command. |
| Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the cluster to enter a "split-brain" state. |
| Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023. |
| The mmap function in the Linux Kernel 2.6.10 can be used to create memory maps with a start address beyond the end address, which allows local users to cause a denial of service (kernel crash). |
| Buffer overflow in the legacy client support for AFP Server for Mac OS X 10.4.1 allows attackers to execute arbitrary code. |
| Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions. |
| Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter. |
| SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code. |
| Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
| The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke. |
| xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp. |
| mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action. |
| Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges. |
| Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable. |
| libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request. |
| Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter. |
| Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets. |
| book.cgi in NetCode NC Book 0.2b allows remote attackers to execute arbitrary commands via shell metacharacters in the "current" parameter. |
| cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack. |