| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files. |
| dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters. |
| WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter. |
| The Lucent Closed Network protocol can allow remote attackers to join Closed Network networks which they do not have access to. The 'Network Name' or SSID, which is used as a shared secret to join the network, is transmitted in the clear. |
| Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request. |
| Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message. |
| PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. |
| BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service. |
| Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. |
| Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command. |
| An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file. |
| Format string vulnerability in libvanessa_logger 0.0.1 in Perdition 0.1.8 allows remote attackers to execute arbitrary code via format string specifiers in the __vanessa_logger_log function. |
| NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding. |
| Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in Trend Micro InterScan VirusWall 3.5.1 allows remote attackers to execute arbitrary code. |
| IMail POP3 daemon uses weak encryption, which allows local users to read files. |
| Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter in (a) members.asp, the (2) catid parameter in (b) articles.asp and (c) programs.asp, and the (3) id parameter in (d) hpages.asp and (e) forum.asp. NOTE: The pages.asp/id vector is already covered by CVE-2006-0870. |
| The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. |
| DNS PRO allows remote attackers to conduct a denial of service via a large number of connections. |
| Lotus Domino HTTP server allows remote attackers to determine the real path of the server via a request to a non-existent script in /cgi-bin. |
