| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable. |
| prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement. |
| The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain. |
| Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter. |
| Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection. |
| CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT). |
| Vulnerability in the Wguest CGI program. |
| The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. |
| Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension. |
| Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environment variable. |
| fpkg2swpk in HP-UX allows local users to gain root access. |
| Buffer overflow in xmcd 2.1 allows local users to gain access through a user resource setting. |
| SGI mediad program allows local users to gain root access. |
| Buffer overflow in the Linux mail program "deliver" allows local users to gain root access. |
| A malicious Palace server can force a client to execute arbitrary programs. |
| Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550. |
| ptylogin in Unix systems allows users to perform a denial of service by locking out modems, to dial out with that modem, or to obtain passwords. |
| Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. |
| Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. |
| In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files. |