| CVE | Vendors | Products | Updated | CVSS v3.1 |
| A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user. |
| The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it. |
| ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer. |
| Remote attackers can perform a denial of service using IRIX fcagent. |
| CGIscript.net csMailto.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the form-attachment field. |
| suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk. |
| Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address. |
| The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly. |
| Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the KwikPay.mdb database file with insecure permissions, which allows local users to obtain sensitive information such as employment and payment data. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this vulnerability, stating that "The kwikpay.mdb file supplied with kwikpay is a template for the database structure of user databases created by kwikpay and to store a demonstration payroll. It does not contain any sensitive user information. When a user payroll database is opened, the encryption of the database is checked and if the database is not encrypted, the user is prompted to encrypt the database, but the choice is the customer's. |
| A service or application has a backdoor password that was placed there by the developer. |
| Buffer overflow in dtaction command gives root access. |
| Buffer overflow in AIX lchangelv gives root access. |
| vold in Solaris 2.x allows local users to gain root access. |
| admintool in Solaris allows a local user to write to arbitrary files and gain root access. |
| The suidperl and sperl programs do not give up root privileges when changing UIDs back to the original users, allowing root access. |
| Denial of service in RAS/PPTP on NT systems. |
| Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet. |
| Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. |
| Denial of service in Qmail by specifying a large number of recipients with the RCPT command. |
| The handler CGI program in IRIX allows arbitrary command execution. |