| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. |
| WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension. |
| Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service. |
| iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak. |
| Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code. |
| Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies. |
| Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination. |
| Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages. |
| Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header. |
| INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1. |
| postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended. |
| Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name. |
| Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling. |
| Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang). |
| Configuration error in Argus PitBull LX allows root users to bypass specified access control restrictions and cause a denial of service or execute arbitrary commands by modifying kernel variables such as MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to sysctl. |
| Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability. |
| Netcruiser Web server version 0.1.2.8 and earlier allows remote attackers to determine the physical path of the server via a URL containing (1) con, (2) com2, or (3) com3. |
| Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call (NSFDbReadObject) that directly accesses the object. |
| Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data. |
| Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service via a malformed string to the NetMeeting service port, aka a variant of the "NetMeeting Desktop Sharing" vulnerability. |
