| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The default configuration of FLEXlm license manager 6.0d, and possibly other versions, allows remote attackers to shut down the server via the lmdown command. |
| Buffer overflows in Sun libnsl allow root access. |
| Buffer overflow in Sun's ping program can give root access to local users. |
| Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands. |
| File creation and deletion, and remote execution, in the BSD line printer daemon (lpd). |
| Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options. |
| Buffer overflow in Solaris dtprintinfo program. |
| The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack. |
| KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. |
| Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list. |
| Buffer overflow in Solaris lpset program allows local users to gain root access. |
| The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment. |
| Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges. |
| Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load. |
| QMS CrownNet Unix Utilities for 2060 allows root to log on without a password. |
| Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable. |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, as identified by Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS09 in the (b) Oracle Diagnostics Interfaces component; (3) APPS10 in the (c) Oracle General Ledger component; (4) APPS12 and (5) APPS13 in the (d) Oracle Receivables component. |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unknown impact and attack vectors, as identified by Vuln# (1) APPS03 in (a) iProcurement; (2) APPS04 in (b) Oracle Application Object Library; (3) APPS06, (4) APPS07, and (5) APPS08 in (c) Oracle Applications Technology Stack; and (6) APPS11 in (d) Oracle Order Capture. |
| phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages. |
| Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Search for" item (keyword parameter). |
