| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch. |
| SQL injection vulnerability in category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory. |
| Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges. |
| Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command. |
| Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function. |
| add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable. |
| eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands. |
| The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files. |
| Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL. |
| CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords. |
| Buffer overflow in the Telnet service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. |
| iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse. |
| csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory. |
| 24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request. |
| Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs 2.2.4, and possibly other versions, may allow local users to gain privileges via a long -T option. |
| Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user. |
| Directory traversal vulnerability in Quikstore shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "page" parameter. |
| Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities. |
| Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt lock files and gain root privileges via the echo_error routine. |
