| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message. |
| IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. |
| CS&T CorporateTime for the Web returns different error messages for invalid usernames and invalid passwords, which allows remote attackers to determine valid usernames on the server. |
| Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches allows attackers to cause a denial of service. |
| The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program. |
| Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL. |
| htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file. |
| Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows remote attackers to cause a denial of service via a malformed URL. |
| NAI Sniffer Agent allows remote attackers to cause a denial of service (crash) by sending a large number of login requests. |
| NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the network and easily decrypt usernames and passwords. |
| PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device. |
| RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via long HTTP request. |
| I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors. |
| NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash. |
| Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system. |
| Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem. |
| Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters. |
| Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges. |
| fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack. |
| McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in name of the attachment. |
