| CVE | Vendors | Products | Updated | CVSS v3.1 |
| diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. |
| Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request. |
| IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client." |
| A network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection. |
| Buffer overflow in the exported_display function in xatitv in gatos before 0.0.5 allows local users to execute arbitrary code. |
| Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory. |
| NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials. |
| Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. |
| A network intrusion detection system (IDS) does not properly reassemble fragmented packets. |
| Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. |
| The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files. |
| Unspecified vulnerability in Echelog 0.6.2 allows attackers to "exploit function stacks on some architectures," with unknown impact and attack vectors. |
| An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information. |
| glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command. |
| Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code. |
| gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed. |
| BeOS 5.0 allows remote attackers to cause a denial of service via fragmented TCP packets. |
| An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information. |
| The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities. |
| The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. |