| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header. |
| ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges. |
| The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access. |
| Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot. |
| Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character. |
| makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters. |
| Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors. |
| Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026. |
| graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode. |
| Multiple cross-site scripting (XSS) vulnerabilities in the backend in MvBlog before 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) body fields in a comment. |
| savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php. |
| Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino. |
| Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0.2 may allow attackers to cause a denial of service and execute arbitrary code via unknown vectors. |
| Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow. |
| Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field. |
| Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string. |
| Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression. |
| Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass authentication and read password-protected files via a URL that directly references the file. |