| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in XMail POP3 server before version 0.59 allows remote attackers to execute arbitrary commands via a long APOP command. |
| Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter. |
| Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL. |
| Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges. |
| class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code. |
| index.php in gBook 1.4 allows remote attackers to bypass authentication and gain administrative privileges by setting the login parameter to true. |
| The web configuration server for NTMail V5 and V6 allows remote attackers to cause a denial of service via a series of partial HTTP requests. |
| Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server. |
| The dccscan setuid program in LPPlus does not properly check if the user has the permissions to print the file that is specified to dccscan, which allows local users to print arbitrary files. |
| Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. |
| Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates. |
| SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. |
| Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file. |
| Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable. |
| Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file. |
| Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code. |
| Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters. |
| lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query. |
| A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Support Classes." |
| Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to cause a denial of service (crash) in Internet Explorer via invalid handle data in a Java applet, aka "Handle Validation Flaw." |
