| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 for Sendmail allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed mail message. |
| Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows remote attackers to obtain an absolute path for the server directory by viewing the Location header. |
| Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages. |
| Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS. |
| Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file. |
| Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property. |
| Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to read arbitrary files via a webserver root directory set to system root. |
| Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999. |
| Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set. |
| Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges. |
| Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption. |
| SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. |
| BisonFTP V4R1 allows local users to access directories outside of their home directory by uploading .bdl files, which can then be linked to other directories. |
| Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause a denial of service via a request containing a null character. |
| Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to execute arbitrary code via a long SITE command. |
| Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges. |
| Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial of service (crash) via a series of SYN or TCP connect requests. |
| Buffer overflow in DynFX MailServer version 2.10 allows remote attackers to conduct a denial of service via a long username to the POP3 service. |
| OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20). |
| SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters. |