| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts. |
| The U.S. Robotics USR808054 wireless access point allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via an HTTP GET request with a long version string. |
| Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. |
| The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands. |
| The Perl fingerd program allows arbitrary command execution from remote users. |
| The DG/UX finger daemon allows remote command execution through shell metacharacters. |
| The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. |
| IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. |
| Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service. |
| NFS cache poisoning. |
| The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. |
| The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. |
| Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. |
| Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users. |
| Linux implementations of TFTP would allow access to files outside the restricted directory. |
| When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. |
| In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution. |
| In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters. |
| page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter. |
