| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor. |
| IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. |
| Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. |
| Directory traversal vulnerability in SpoonFTP 1.1 allows local and sometimes remote attackers to access files outside of the FTP root via a ... (modified dot dot) in the CD (CWD) command. |
| Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems. |
| Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows malicious remote servers to execute arbitrary code via a long console command. |
| Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301. |
| FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. |
| Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed". |
| The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024. |
| Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. |
| Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag. |
| Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow remote attackers to execute arbitrary SQL commands via the thold parameter to (1) comments.php or (2) pollcomments.php. |
| Denial of service in BIND named via consuming more than "fdmax" file descriptors. |
| Buffer overflow in FreeBSD gdc program. |
| login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist. |
| slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. |
| Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet. |
| Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges. |
| IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability. |
