| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability. |
| ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering. |
| Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers. |
| Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
| Buffer overflow in Star Office 5.1 allows attackers to cause a denial of service by embedding a long URL within a document. |
| Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash. |
| The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory. |
| Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but "critical" impact. |
| Buffer overflow in healthd for FreeBSD allows local users to gain root privileges. |
| Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey. |
| LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file. |
| Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. |
| Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. |
| Buffer overflow in LCDproc allows remote attackers to gain root privileges via the screen_add command. |
| PalmOS allows remote attackers to cause a denial of service (CPU consumption) via a flood of ICMP echo request (ping) packets. |
| eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient. |
| The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. |
| Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart allows remote attackers to inject arbitrary web script or HTML via the pg parameter. |
| Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept. |
