| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload. |
| telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers to cause a denial of service (crash) via a large number of characters to port 23, possibly due to a buffer overflow. |
| Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges. |
| Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges. |
| wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option. |
| ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file. |
| makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters. |
| Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. |
| Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters. |
| Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control. |
| Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
| Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command. |
| Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. |
| CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges. |
| Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to cause a denial of service via a long HTTP request. |
| TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter. |
| Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary commands via a long script. |
| Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command. |
| Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables. |
| Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly remote attackers to gain privileges by specifying an alternate library file in the L (localization) parameter. |
