| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Sendmail decode alias can be used to overwrite sensitive files. |
| A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. |
| The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter. |
| Buffer overflow in ffbconfig in Solaris 2.5.1. |
| The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490. |
| PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp 1.3.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the eqdkp_root_path parameter. |
| Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. |
| The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| NFS allows users to use a "cd .." command to access other directories besides the exported file system. |
| Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. |
| In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program. |
| Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind. |
| PHP remote file inclusion vulnerability in public_includes/pub_popup/popup_finduser.php in PHP Blue Dragon Platinum 2.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter. |
| Denial of service of Ascend routers through port 150 (remote administration). |
| Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash). |
| All records in a WINS database can be deleted through SNMP for a denial of service. |
| admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does not verify user credentials, which allows remote attackers to edit arbitrary posts via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Buffer overflow in SunOS/Solaris ps command. |
| HP-UX vgdisplay program gives root access to local users. |