| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| CGI PHP mylog script allows an attacker to read any file on the target server. |
| Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. |
| Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail. |
| Buffer overflow in AIX libDtSvc library can allow local users to gain root access. |
| SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 through 3.1.3 allows remote attackers to inject arbitrary SQL commands via the (1) st or (2) keywords parameter. |
| Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line. |
| Finger redirection allows finger bombs. |
| RIP v1 is susceptible to spoofing. |
| Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. |
| The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file. |
| Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories. |
| Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood. |
| The handler CGI program in IRIX allows arbitrary command execution. |
| AIX infod allows local users to gain root access through an X display. |
| Windows NT 4.0 beta allows users to read and delete shares. |
| The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost. |
| Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. |
| Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages. |
| ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack. |
| filediff in CVStrac allows remote attackers to execute arbitrary commands via shell metacharacters in rcsinfo. |