| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password. |
| Seapine Software TestTrack server allows a remote attacker to cause a denial of service (high CPU) via (1) TestTrackWeb.exe and (2) ttcgi.exe by connecting to port 99 and disconnecting without sending any data. |
| The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges. |
| Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands. |
| Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option. |
| InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments. |
| WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request. |
| Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL. |
| Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request. |
| The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability. |
| Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command. |
| The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt. |
| Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings. |
| Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection. |
| AOL Instant Messenger (AIM) client allows remote attackers to cause a denial of service via a message with a malformed ASCII value. |
| The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking. |
| ZoneAlarm sends sensitive system and network information in cleartext to the Zone Labs server if a user requests more information about an event. |
| TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program. |
| aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow local users to delete arbitrary files by creating files whose names include spaces, which are then incorrectly interpreted by aaa_base when it deletes expired files from the /tmp directory. |
