| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files. |
| The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages. |
| Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function. |
| A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication. |
| A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service. |
| SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor. |
| IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. |
| Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. |
| Directory traversal vulnerability in SpoonFTP 1.1 allows local and sometimes remote attackers to access files outside of the FTP root via a ... (modified dot dot) in the CD (CWD) command. |
| Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems. |
| Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows malicious remote servers to execute arbitrary code via a long console command. |
| Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301. |
| FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. |
| Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed". |
| The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024. |
| Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. |
| Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag. |
| Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow remote attackers to execute arbitrary SQL commands via the thold parameter to (1) comments.php or (2) pollcomments.php. |
| Denial of service in BIND named via consuming more than "fdmax" file descriptors. |
| Buffer overflow in FreeBSD gdc program. |
