| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up. |
| Buffer overflow in qpopper 3.0 beta versions allows local users to gain privileges via a long LIST command. |
| aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891). |
| Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe. |
| Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft NetAuction 3.0 allows remote attackers to execute arbitrary script as other users via the Term parameter. |
| procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to. |
| The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file. |
| An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5. |
| The BSD make program allows local users to modify files via a symlink attack when the -j option is being used. |
| Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php. |
| X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie. |
| The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request. |
| The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability. |
| The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack. |
| Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag. |
| Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact. |
| xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary files via a symlink attack on the pic000.pnm file. |
| The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation". |
| Buffer overflow in the administration web server for GoodTech Telnet Server 4.0 and 5.0, and possibly all versions before 5.0.7, allows remote attackers to execute arbitrary code via a long string to port 2380. |
| SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php. |
