| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier includes a less restrictive rule before a more restrictive one, which allows users to access the host via rlogin even if rlogin has been explicitly disabled using the /etc/nologin file. |
| Xsession in Red Hat Linux 6.1 and earlier can allow local users with restricted accounts to bypass execution of the .xsession file by starting kde, gnome or anotherlevel from kdm. |
| mknod in Linux 2.2 follows symbolic links, which could allow local users to overwrite files or gain privileges. |
| When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies. |
| Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle. |
| Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages. |
| Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users. |
| AV Option for MS Exchange Server option for InoculateIT 4.53, and possibly other versions, only scans the Inbox folder tree of a Microsoft Exchange server, which could allow viruses to escape detection if a user's rules cause the message to be moved to a different mailbox. |
| Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges. |
| File creation and deletion, and remote execution, in the BSD line printer daemon (lpd). |
| Denial of service in Samba NETBIOS name service daemon (nmbd). |
| Red Hat pump DHCP client allows remote attackers to gain root access in some configurations. |
| NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it. |
| Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack. |
| Denial of service in Cisco routers running NAT via a PORT command from an FTP client to a Telnet port. |
| Denial of service in MDaemon 2.7 via a large number of connection attempts. |
| Buffer overflow in free internet chess server (FICS) program, xboard. |
| Denial of service in BIND named via maxdname. |
| The default permissions for Endymion MailMan allow local users to read email or modify files. |
| Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file. |
