| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client. |
| x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message. |
| /bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows local users to obtain sensitive information from core dump files by sending the SIGSERV (invalid memory reference) signal. |
| Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via (1) the lastusername parameter to index.php or (2) selected_search_arch parameter to search.php. |
| TeeKai Forum 1.2 allows remote attackers to authenticate as the administrator and and gain privileged web forum access by setting the valid_level cookie to admin. |
| BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not properly restrict access to configuration information when BIOS passwords are enabled, which could allow local users to change the default boot device via the F8 key. |
| mosix-protocol-stack in Multicomputer Operating System for UnIX (MOSIX) 1.5.7 allows remote attackers to cause a denial of service via malformed packets. |
| Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of service (memory and CPU consumption) via a large number of RCPT TO: messages during an SMTP session. |
| FTGate and FTGate Pro 1.05 lock user mailboxes before authentication succeeds, which allows remote attackers to lock the mailboxes of other users. |
| Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument. |
| Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp. |
| Format string vulnerability in Deception Finger Daemon, decfingerd, 0.7 may allow remote attackers to execute arbitrary code via the username of a finger request. |
| The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS packets. |
| Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE. |
| Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content. |
| Microsoft Windows XP allows local users to prevent the system from booting via a corrupt explorer.exe.manifest file. |
| PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 allows remote attackers to execute arbitrary PHP code via the TemplateDir variable, as demonstrated using conflict.php. |
| Fwmon before 1.0.10 allows remote attackers to cause a denial of service (crash) by causing the kernel to return a large packet. |
| Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap. |
| Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to execute arbitrary code via long filename arguments to (1) Watcom or (2) int10. |
