| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. |
| Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter. |
| Fortech Proxy+ allows remote attackers to bypass access restrictions for to the administration service by redirecting their connections through the telnet proxy. |
| Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability. |
| Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process. |
| Denial of service in RAS/PPTP on NT systems. |
| The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts. |
| The U.S. Robotics USR808054 wireless access point allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via an HTTP GET request with a long version string. |
| Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. |
| The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands. |
| The Perl fingerd program allows arbitrary command execution from remote users. |
| The DG/UX finger daemon allows remote command execution through shell metacharacters. |
| The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. |
| IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. |
| Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service. |
| NFS cache poisoning. |
| The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. |
| The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. |
| Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. |
