| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials. |
| A network intrusion detection system (IDS) does not properly reassemble fragmented packets. |
| Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. |
| The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files. |
| Unspecified vulnerability in Echelog 0.6.2 allows attackers to "exploit function stacks on some architectures," with unknown impact and attack vectors. |
| glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command. |
| Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code. |
| The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities. |
| BeOS 5.0 allows remote attackers to cause a denial of service via fragmented TCP packets. |
| An account on a router, firewall, or other network device has a default, null, blank, or missing password. |
| An account on a router, firewall, or other network device has a guessable password. |
| Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php, (2) header.php or (3) auth.inc.php. |
| Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long CWD command, as demonstrated in one example by using the "cd" command in an interactive FTP client. |
| Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid Mail allows remote attackers to inject arbitrary web script or HTML via the ps parameter. |
| SQL injection vulnerability in the art_print function in print.inc.php in unknown versions of jPortal before 2.3.1 allows remote attackers to inject arbitrary SQL commands via the id parameter. |
| TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files. |
| MiniShare 1.3.2 allows remote attackers to cause a denial of service (crash) via a malformed HTTP GET or HEAD request without the proper number of trailing CRLF sequences. |
| Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences. |
| snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information. |
| Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forgot.php in Diesel Job Site allow remote attackers to inject arbitrary web script or HTML via the (1) uname or (2) SEmail parameters. |