| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Arbitrary command execution via IMAP buffer overflow in authenticate command. |
| Buffer overflow in NIS+, in Sun's rpc.nisd program. |
| Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. |
| Unauthorized privileged access or denial of service via dtappgather program in CDE. |
| FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. |
| Root privileges via buffer overflow in df command on SGI IRIX systems. |
| The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings. |
| Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. |
| Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. |
| IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files. |
| Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail. |
| webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter. |
| Buffer overflow in NLS (Natural Language Service). |
| The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering certain logoff or shutdown sequences (such as CTRL-ALT-DEL) and canceling out of the resulting user confirmation prompts, such as when the remote user is editing a document. |
| Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allow remote attackers to execute script as other users via a (1) Title or (2) Description when a new ticket is created by a support assistant, via the "id" parameter to the index.php script with the (3) tickettime, (4) ticketfiles, or (5) updateticketlog operations, or (6) via the update section when a ticket is edited. |
| Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. |
| fsdump command in IRIX allows local users to obtain root access by modifying sensitive files. |
| MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. |
| Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges. |
| Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX. |