| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 14238 while the manager is in network mode. |
| Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request. |
| SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities. |
| Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the icatcommand parameter. |
| Buffer overflow in ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a long query parameter. |
| Excite for Web Servers (EWS) 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file. |
| Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi. |
| Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack. |
| Linux PAM modules allow local users to gain root access using temporary files. |
| A malicious Palace server can force a client to execute arbitrary programs. |
| NT users can gain debug-level access on a system process using the Sechole exploit. |
| CGI PHP mlog script allows an attacker to read any file on the target server. |
| Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character. |
| IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. |
| A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. |
| FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client. |
| ControlIT 4.5 and earlier (aka Remotely Possible) has weak password encryption. |
| rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory. |
| Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service. |
| ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book. |
