| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges. |
| pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable. |
| Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form. |
| AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request. |
| ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be corrupted. |
| The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access. |
| Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names. |
| AIX cdmount allows local users to gain root privileges via shell metacharacters. |
| The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command. |
| UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself. |
| Buffer overflow in Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter. |
| The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack. |
| Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local users to modify critical information such as certain CPU registers and segment descriptors. |
| Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables. |
| Infonautics getdoc.cgi allows remote attackers to bypass the payment phase for accessing documents via a modified form variable. |
| BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers. |
| CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN. |
| read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords. |
| CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file. |
| Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. |
