| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations. |
| NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it. |
| Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AUTH command. |
| Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument. |
| Buffer overflow in FreeBSD angband allows local users to gain privileges. |
| Buffer overflow in BIND 8.2 via NXT records. |
| Denial of service in MDaemon 2.7 via a large number of connection attempts. |
| The default permissions for Endymion MailMan allow local users to read email or modify files. |
| login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist. |
| Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack. |
| Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. |
| Buffer overflow in Internet Explorer 4.0 via EMBED tag. |
| Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR. |
| The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. |
| Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. |
| PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms". |
| Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name field. |
| Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation. |
| Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php. |
| Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities. |