| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root. |
| WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder. |
| Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument. |
| dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs. |
| Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to "take over packets destined for another host" and cause a denial of service. |
| Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550. |
| Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument. |
| Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable. |
| The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags. |
| Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data. |
| Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions. |
| Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service. |
| Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext. |
| Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) FTGate Office 1.05 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long POP3 APOP USER command. |
| teTeX filter before 1.0.7 allows local users to gain privileges via a symlink attack on temporary files that are produced when printing .dvi files using lpr. |
| ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service. |
| SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file. |
| Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page. |
| Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password. |
| Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID. |
