| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program, which is processed by Internet Explorer. |
| Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method. |
| The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs. |
| Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information. |
| Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag. |
| Network HotSync program in Handspring Visor does not have authentication, which allows remote attackers to retrieve email and files. |
| WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request. |
| daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail. |
| Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters. |
| Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header. |
| Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing. |
| Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character. |
| VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack. |
| Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. |
| Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to execute arbitrary code via a long "220" banner. |
| Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface. |
| Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port. |
| Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing. |
| Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste. |
| Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file. |
