| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Sambar Server 4.1 beta allows remote attackers to obtain sensitive information about the server via an HTTP request for the dumpenv.pl script. |
| Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter. |
| Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request. |
| PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter. |
| The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in. |
| The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits. |
| Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction. |
| ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site. |
| NetStructure 7110 and 7180 have undocumented accounts (servnow, root, and wizard) whose passwords are easily guessable from the NetStructure's MAC address, which could allow remote attackers to gain root access. |
| pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY. |
| FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email. |
| Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments. |
| Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable. |
| Chili!Soft ASP for Linux before 3.6 does not properly set group privileges when running in inherited mode, which could allow attackers to gain privileges via malicious scripts. |
| The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. |
| The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to read arbitrary messages by modifying the id parameter. |
| Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. |
| modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message. |
| Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping cart allow remote attackers to execute arbitrary commands via a long query string. |
| The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability. |