| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password. |
| rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file. |
| nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to obtain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. |
| The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference. |
| Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib. |
| Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link. |
| The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread. |
| Excite for Web Servers (EWS) 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file. |
| The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to read arbitrary messages by modifying the id parameter. |
| XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. |
| Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port. |
| The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript. |
| Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service. |
| Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message. |
| Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument. |
| The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. |
| modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message. |
| Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS. |
| SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action. |
| DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \ (backslash) characters. |