| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access. |
| The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server. |
| Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1. |
| Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. |
| Denial of service of Ascend routers through port 150 (remote administration). |
| The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. |
| A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. |
| The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred. |
| Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems. |
| ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. |
| An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. |
| A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. |
| A router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts. |
| Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php. |
| The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. |
| Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. |
| Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum argument. |
| A system-critical Windows NT registry key has an inappropriate value. |
| Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command. |
| classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form. |
