| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges. |
| The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack. |
| Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). |
| The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs. |
| Buffer overflow in INN inews program. |
| Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables. |
| Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field. |
| The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems. |
| The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root. |
| The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges. |
| Vulnerability in Compaq Tru64 UNIX edauth command. |
| An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. |
| A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. |
| A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. |
| Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request. |
| The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links. |
| The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
| The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
| Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter. NOTE: this issue can be exploited to produce resultant XSS when the parameter has XSS manipulations, and path disclosure with other invalid values. |
| Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 allow remote attackers to execute arbitrary SQL commands via the ID parameter in a (1) g_reply or (2) g_permaPost action to the blog shard (engine/shards/blog.php), or a (3) g_viewContent action to the content shard (engine/shards/content.php). |