| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program. |
| AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large content-length. |
| Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files. |
| thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename. |
| Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword. |
| A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem. |
| runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar. |
| Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent. |
| Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password. |
| Seapine Software TestTrack server allows a remote attacker to cause a denial of service (high CPU) via (1) TestTrackWeb.exe and (2) ttcgi.exe by connecting to port 99 and disconnecting without sending any data. |
| The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges. |
| Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL. |
| InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments. |
| Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands. |
| Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option. |
| WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request. |
| Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command. |
| Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt. |
| Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request. |
| Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection. |
