| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack. |
| Format string vulnerability in Sierra Half-Life build 1573 and earlier allows a remote attacker to execute arbitrary code via the map command. |
| Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command. |
| lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query. |
| The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "\r" and "\n" characters in headers, which leads to a buffer underflow. |
| ICQ Web Front HTTPd allows remote attackers to cause a denial of service by requesting a URL that contains a "?" character. |
| The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page. |
| movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges. |
| Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters. |
| Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities. |
| Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of service by spoofing ICMP redirect messages from a router, which causes Windows to change its routing tables. |
| The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request. |
| rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line. |
| Xyplex terminal server 6.0.1S1, and possibly other versions, allows remote attackers to bypass the password prompt by entering (1) a CTRL-Z character, or (2) a ? (question mark). |
| rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information. |
| Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs. |
| Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information. |
| mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive server information such as logged users, database names, and server version via the ServerStats query. |
| Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php. |
| in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash. |
