| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command. |
| Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems. |
| The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| HP Web JetAdmin 6.0 allows remote attackers to cause a denial of service via a malformed URL to port 8000. |
| Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands. |
| Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command. |
| Omnis Studio 2.4 uses weak encryption (trivial encoding) for encrypting database fields. |
| Vulnerability in bbd server in Big Brother System and Network Monitor allows an attacker to execute arbitrary commands. |
| The Intel express 8100 ISDN router allows remote attackers to cause a denial of service via oversized or fragmented ICMP packets. |
| The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information. |
| IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request. |
| Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable. |
| The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call. |
| Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path. |
| xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option. |
| OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username. |
| Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request. |
| The installation of Tumbleweed Messaging Management System (MMS) 4.6 and earlier (formerly Worldtalk Worldsecure) creates a default account "sa" with no password. |
| O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users, which allows remote attackers to create and execute arbitrary files by directly calling uploader.exe. |
| Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request. |
