| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements. |
| SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache. |
| SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated. |
| smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT. |
| SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable. |
| Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message. |
| The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument. |
| ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged. |
| webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the NEXTPAGE parameter. |
| tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets. |
| geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges. |
| Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050. |
| Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx. |
| Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL. |
| JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570". |
| Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN. |
| Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message. |
| Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a ".." in the cid parameter. |
| run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands. |
| Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter. |
