| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability." |
| Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request. |
| Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories. |
| vqSoft vqServer stores sensitive information such as passwords in cleartext in the server.cfg file, which allows attackers to gain privileges. |
| WindMail allows remote attackers to read arbitrary files or execute commands via shell metacharacters. |
| AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to cause a denial of service via a short GET request to cgi-bin. |
| The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication. |
| The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation". |
| IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. |
| The crypt function in QNX uses weak encryption, which allows local users to decrypt passwords. |
| The dansie shopping cart application cart.pl allows remote attackers to execute commands via a shell metacharacters in a form variable. |
| The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables. |
| IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. |
| The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allows local users to obtain compromise the cryptographic keys of other users. |
| Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess. |
| PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt. |
| BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers. |
| Buffer overflow in the Napster client beta 5 allows remote attackers to cause a denial of service via a long message. |
| Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request. |
| The registry in Windows NT can be accessed remotely by users who are not administrators. |
