| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote attackers to execute arbitrary code, as demonstrated using a long USER command to the POP proxy. |
| Unknown vulnerability in pam_authz in the LDAP-UX Integration product on HP-UX 11.00 and 11.11 allows remote attackers to execute r-commands with privileges of other users. |
| Directory traversal vulnerability in XAMPP before 1.4.14 allows remote attackers to inject arbitrary HTML and PHP code via lang.php. |
| IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error mesage when a request is made for a non-existent Java Server Page (JSP). |
| Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 through 7.2.3, and 8.0.0 allows remote attackers to execute arbitrary commands or crash the server via format strings in the $name variable. |
| Unknown vulnerability in the "ipopts decode" functionality in Firestorm IDS 0.4.0 through 0.4.2 allows remote attackers to cause a denial of service (crash) via certain IP options. |
| Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local users to gain "games" group privileges when processing environment variables. |
| Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script. |
| The default configurations for DocuTech 6110 and DocuTech 6115 have a default administrative password of (1) "service!" on Solaris 8.0 or (2) "administ" on Windows NT, which allows remote attackers to gain privileges. |
| Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability. |
| Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. |
| The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash). |
| Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. |
| langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files. |
| Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 and 2005 allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
| CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of service (infinite recursion) by creating a message board post that is a child of an outdated parent. |
| Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED. |
| SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters. |
| Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote attackers to cause a denial of service (crash) via a long request to (1) TCP port 25 (SMTP) or (2) TCP port 110 (POP3). |
| Fwmon before 1.0.10 allows remote attackers to cause a denial of service (crash) by causing the kernel to return a large packet. |
