| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands. |
| Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request. |
| daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail. |
| The recover program in Solstice Backup allows local users to restore sensitive files. |
| WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp directory, which allows remote attackers to read the reports by accessing the directory. |
| Visual Casel (Vcasel) does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges. |
| PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions. |
| nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover. |
| Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag. |
| Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obtain them via sniffing. |
| VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack. |
| Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password. |
| An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5. |
| procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr. |
| The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability. |
| WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID parameter to the ts_app_process.asp script, which is easily guessable because it is incremented by 1 for each new timesheet. |
| The Java logging feature for the Java Virtual Machine in Internet Explorer writes output from functions such as System.out.println to a known pathname, which can be used to execute arbitrary code. |
| The SalesCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| The Shoptron shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| Buffer overflow in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to cause a denial of service or execute arbitrary code via the Error or Notice parameters. |
