| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Vacation program allows command execution by remote users through a sendmail command. |
| CWD ~root command in ftpd allows root access. |
| Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname. |
| A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. |
| The printers program in IRIX has a buffer overflow that gives root access to local users. |
| Denial of service in RAS/PPTP on NT systems. |
| FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client. |
| Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message. |
| In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. |
| In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection. |
| The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. |
| A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. |
| The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred. |
| Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems. |
| ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. |
| An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. |
| A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. |
| A router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts. |
| Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php. |
| The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. |
