| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and earlier does not properly check privileges, which allows local users to overwrite arbitrary files and gain privileges. |
| /usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users. |
| Directory traversal vulnerability in Carello 1.3 allows remote attackers to execute programs on the server via a .. (dot dot) in the VBEXE parameter. |
| Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service Pack 2 creates an update directory with "EVERYONE FULL CONTROL" permissions, which allows local users to cause Inoculan's antivirus update feature to install a Trojan horse dll. |
| Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time. |
| Nachuatec D435 and D445 printer allows remote attackers to cause a denial of service via ICMP redirect storm. |
| Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer. |
| Buffer overflow in iParty server 1.2 and earlier allows remote attackers to cause a denial of service (crash) by connecting to default port 6004 and sending repeated extended characters. |
| Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr. |
| runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments. |
| Fortibus CMS 4.0.0 allows remote attackers to modify information of other users, including Admin, via the "My info" page. |
| FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session. |
| nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter to a dig query. |
| Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request. |
| FTPPro allows local users to read sensitive information, which is stored in plain text. |
| The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections. |
| The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack. |
| Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database. |
| InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments. |
| MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege. |