| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing. |
| Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory. |
| Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the router to change its configuration and send SNMP trap information back to the system that initiated the query. |
| Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request. |
| Denial of service in BIND by improperly closing TCP sessions via so_linger. |
| Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL. |
| Buffer overflow in SCO su program allows local users to gain root access via a long username. |
| Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g., GET /aux HTTP/1.0). |
| Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attackers to read files or execute arbitrary commands via a .. (dot dot) in the URL. |
| Palm OS 3.5h and possibly other versions, as used in Handspring Visor and Xircom products, allows remote attackers to cause a denial of service via a TCP connect scan, e.g. from nmap. |
| Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. |
| Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag. |
| Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter. |
| awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters. |
| userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack. |
| Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request. |
| Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable. |
| Buffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username. |
| FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files. |
