| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument. |
| ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters. |
| iPass RoamServer 3.1 creates temporary files with world-writable permissions. |
| Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges. |
| Unknown vulnerability in the remoteping service in remstats 1.0.13 and earlier allows remote attackers to execute arbitrary commands "due to missing input sanitising." |
| snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. |
| phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php. |
| Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error. |
| FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands. |
| Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges. |
| Manual page reader (man) in FreeBSD 2.2 and earlier allows local users to gain privileges via a sequence of commands. |
| Buffer overflow in the HTTP redirection capability in conn.c for Axel before 1.0b may allow remote attackers to execute arbitrary code. |
| Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. |
| libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior. |
| The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges. |
| fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device. |
| /usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs. |
| HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter. |
| Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash). |
| Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges. |
