| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Linux cfingerd could be exploited to gain root access. |
| OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges. |
| IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. |
| Nestea variation of teardrop IP fragmentation denial of service. |
| Bonk variation of teardrop IP fragmentation denial of service. |
| cfingerd lists all users on a system via search.**@target. |
| Solaris SUNWadmap can be exploited to obtain root access. |
| htmlscript CGI program allows remote read access to files. |
| ICMP redirect messages may crash or lock up a host. |
| Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. |
| MetaInfo MetaWeb web server allows users to upload, execute, and read scripts. |
| Denial of service in Slmail v2.5 through the POP3 port. |
| Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made. |
| Denial of service in Windows NT DNS servers by flooding port 53 with too many characters. |
| Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable. |
| prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement. |
| The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain. |
| Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter. |
| Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection. |
| CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT). |
