| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character. |
| Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack. |
| Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header. |
| ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state." |
| Directory traversal vulnerability in update.dpgs in Duma Photo Gallery System (DPGS) 0.99.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the id parameter. |
| Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag. |
| Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory. |
| Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers to cause a denial of service (crash) via a long HELO command. |
| Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet. |
| TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files. |
| Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges. |
| Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code. |
| Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field. |
| Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so. |
| Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl. |
| FileMaker Pro 5 Web Companion allows remote attackers to bypass Field-Level database security restrictions via the XML publishing or email capabilities. |
| Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges. |
| The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account. |
| Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name. |
