| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi. |
| IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. |
| Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors. |
| Lotus Domino HTTP server allows remote attackers to determine the real path of the server via a request to a non-existent script in /cgi-bin. |
| Unichat allows remote attackers to cause a denial of service (crash) by adding extra chat characters (avatars) and logging in to a chat room, as demonstrated using duplicate ACTOR entries in u2res000.rit. |
| DNS PRO allows remote attackers to conduct a denial of service via a large number of connections. |
| Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter. |
| The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. |
| Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges. |
| The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly. |
| L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information. |
| Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service. |
| suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk. |
| Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames. |
| The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter. |
| Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client. |
| A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. |
| A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail. |
| A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user. |
| OpenBSD kernel crash through TSS handling, as caused by the crashme program. |
