| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs. |
| Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line. |
| Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter. |
| The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device. |
| The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred. |
| The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. |
| Denial of service in "poll" in OpenBSD. |
| Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path. |
| A trust relationship exists between two Unix hosts. |
| The Windows NT guest account is enabled. |
| There is a one-way or two-way trust relationship between Windows NT domains. |
| A Windows NT file system is not NTFS. |
| A Windows NT administrator account has the default name of Administrator. |
| A system-critical Windows NT registry key has inappropriate permissions. |
| The Logon box of a Windows NT system displays the name of the last user who logged in. |
| A network intrusion detection system (IDS) does not properly handle packets with improper sequence numbers. |
| quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges. |
| Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length. |
| An incorrect configuration of the Webcart CGI program could disclose private information. |
| The rpc.rquotad service is running. |
