| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist. |
| FreeBSD gdc program allows local users to modify files via a symlink attack. |
| Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER command. |
| The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code. |
| Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly. |
| cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument. |
| Multiple buffer overflows in the (1) vGetPost and (2) main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action, and allow remote attackers to have an unknown impact via a large amount of posted data. |
| Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI. |
| ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN. |
| Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file. |
| Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. |
| Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly. |
| Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed. |
| An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function. |
| WebTrends software stores account names and passwords in a file which does not have restricted access permissions. |
| Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users. |
| A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections. |
| McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field. |
| Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command. |
