| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges. |
| Windows NT automatically logs in an administrator upon rebooting. |
| cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function. |
| Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks. |
| traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero. |
| Buffer overflow in IC Radius package allows a remote attacker to cause a denial of service via a long user name. |
| Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages. |
| Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. |
| pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of service via a TCP SYN scan, e.g. by nmap. |
| SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters. |
| A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. |
| Buffer overflow in Sniffit 0.3.x with the -L logging option enabled allows remote attackers to execute arbitrary commands via a long MAIL FROM mail header. |
| Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back. |
| The Logon box of a Windows NT system displays the name of the last user who logged in. |
| The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command. |
| Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service. |
| The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain. |
| Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages. |
| Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL. |
| The POP3 server in FTGate returns an -ERR code after receiving an invalid USER request, which makes it easier for remote attackers to determine valid usernames and conduct brute force password guessing. |
