| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request. |
| The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule. |
| Vulnerability in WebCalendar 0.9.26 allows remote command execution. |
| Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users to gain root privileges via a long password in the screen locking function. |
| In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server. |
| Buffer overflow in MDBMS database server allows remote attackers to execute arbitrary commands via a long string. |
| NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog". |
| Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command. |
| Net Tools PKI Server allows remote attackers to cause a denial of service via a long HTTP request. |
| Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds. |
| Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet. |
| Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL. |
| Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and possibly other Linux operating systems, allows an attacker to gain root privileges. |
| Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter. |
| The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters. |
| Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter. |
| Directory traversal vulnerability in Worm HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| Netcruiser Web server version 0.1.2.8 and earlier allows remote attackers to determine the physical path of the server via a URL containing (1) con, (2) com2, or (3) com3. |
| Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack. |
