| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Directory traversal vulnerability in Matt Wright FormHandler.cgi script allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the reply_message_attach attachment parameter, or (2) by specifying the filename as a template. |
| Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. |
| The default configuration of FLEXlm license manager 6.0d, and possibly other versions, allows remote attackers to shut down the server via the lmdown command. |
| Buffer overflows in Sun libnsl allow root access. |
| Buffer overflow in Sun's ping program can give root access to local users. |
| Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands. |
| Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options. |
| Buffer overflow in Solaris dtprintinfo program. |
| The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack. |
| KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. |
| Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list. |
| Buffer overflow in Solaris lpset program allows local users to gain root access. |
| The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment. |
| Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges. |
| Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load. |
| QMS CrownNet Unix Utilities for 2060 allows root to log on without a password. |
| Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable. |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, as identified by Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS09 in the (b) Oracle Diagnostics Interfaces component; (3) APPS10 in the (c) Oracle General Ledger component; (4) APPS12 and (5) APPS13 in the (d) Oracle Receivables component. |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unknown impact and attack vectors, as identified by Vuln# (1) APPS03 in (a) iProcurement; (2) APPS04 in (b) Oracle Application Object Library; (3) APPS06, (4) APPS07, and (5) APPS08 in (c) Oracle Applications Technology Stack; and (6) APPS11 in (d) Oracle Order Capture. |
| phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages. |
