| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IRIX fam service allows an attacker to obtain a list of all files on the server. |
| An SNMP community name is guessable. |
| A version of finger is running that exposes valid user information to any entity on the network. |
| The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. |
| Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do. |
| Buffer overflow in ToxSoft NextFTP client through CWD command. |
| The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack. |
| PHP remote file inclusion vulnerability in cart_content.php in Squirrelcart 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cart_isp_root parameter. |
| Directory traversal vulnerability in index.php in UNIDOmedia Chameleon LE 1.203 and earlier, and possibly Chameleon PRO, allows remote attackers to read arbitrary files via the rmid parameter. |
| IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key. |
| PHP remote file inclusion vulnerability in includes/class_template.php in Quezza 1.0 and earlier, and possibly 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the quezza_root_path parameter. |
| Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. |
| ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services. |
| ImageFolio 2.23 through 2.27 allows remote attackers to obtain sensitive information via a nonexistent image category, which leaks the web root in the resulting error message. |
| Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news. |
| Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1.5 allows remote attackers to execute arbitrary code via a long HTTP request. |
| Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command. |
| Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field. |
| The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device. |
| The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file. |