| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page. |
| Buffer overflow in Skyfull mail server via MAIL FROM command. |
| Buffer overflow in Internet Explorer 4.0 via EMBED tag. |
| Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME. |
| Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter. |
| Unspecified vulnerability in mroovca stats (mroovcastats) before 0.4.5b has unknown attack vectors and impact, related to cookies. |
| Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. |
| Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly. |
| SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. |
| Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to cause a denial of service (crash) via a crafted message from an ICQ buddy, possibly involving the GE_received_key function in keys.c. |
| ypserv allows a local user to modify the GECOS and login shells of other users. |
| The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network. |
| A bug in Cyrix CPUs on Linux allows local users to perform a denial of service. |
| Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories. |
| The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll. |
| Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board. |
| Citadel/UX 5.00 through 6.14 installs the database directory and files with world-read permissions, which could allow local users to bypass access controls and read unauthorized messages. |
| Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q_Host parameter. |
| VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions. |
| A buffer overflow in lsof allows local users to obtain root privilege. |