| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 14238 while the manager is in network mode. |
| Buffer overflow in AIX dtterm program for the CDE. |
| Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request. |
| Buffer overflow in AIX lchangelv gives root access. |
| Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. |
| fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access. |
| The ghostscript command with the -dSAFER option allows remote attackers to execute commands. |
| Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known. |
| In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering. |
| SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities. |
| NFS allows attackers to read and write any file on the system by specifying a false UID. |
| Denial of service in syslog by sending it a large number of superfluous messages. |
| Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request. |
| FormMail CGI program allows remote execution of commands. |
| The Webgais program allows a remote user to execute arbitrary commands. |
| Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the icatcommand parameter. |
| Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share. |
| in.rshd allows users to login with a NULL username and execute commands. |
| Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access. |
| Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an "image-related comment" and (2) the img_size field in view.php. NOTE: due to lack of details from the researcher, it is not clear whether the comment vector overlaps CVE-2005-1886. |