| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters. |
| page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter. |
| The passwd command in Solaris can be subjected to a denial of service. |
| Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111. |
| Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. |
| IIS newdsn.exe CGI script allows remote users to overwrite files. |
| Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable. |
| Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL. |
| Denial of service in Ascend and 3com routers, which can be rebooted by sending a zero length TCP option. |
| Denial of service in in.comsat allows attackers to generate messages. |
| Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1. |
| Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value. |
| websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable). |
| Windows NT FTP server (WFTP) with the guest account enabled without a password allows an attacker to log into the FTP server using any username and password. |
| Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 allows remote attackers to include arbitrary files via the mode parameter, possibly due to a directory traversal vulnerability. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user. |
| The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands. |
| Sendmail 8.6.9 allows remote attackers to execute root commands, using ident. |
| Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from CVE-2005-1548. |
| Denial of service in Sendmail 8.6.11 and 8.6.12. |
