| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local users to gain root access. |
| Cross-site scripting (XSS) vulnerability in network.cgi in mailreader before 2.3.29 earlier allows remote attackers to inject arbitrary web script or HTML via MIME text/enriched or text/richtext messages. |
| Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file. |
| Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. |
| Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges. |
| WebRamp M3 router does not disable remote telnet or HTTP access to itself, even when access has been explicitly disabled. |
| Squid Internet Object Cache 1.1.20 allows users to bypass access control lists (ACLs) by encoding the URL with hexadecimal escape sequences. |
| Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option. |
| remstats 1.0.13 and earlier, when processing uptime data, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. |
| Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL error or SQL injection. |
| AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument. |
| ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters. |
| iPass RoamServer 3.1 creates temporary files with world-writable permissions. |
| Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges. |
| Unknown vulnerability in the remoteping service in remstats 1.0.13 and earlier allows remote attackers to execute arbitrary commands "due to missing input sanitising." |
| snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. |
| phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php. |
| Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error. |
| FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands. |
| Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges. |
