| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain administrative access via by setting the photo_login cookie to pseudo. |
| WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root. |
| BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. |
| East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. |
| Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. |
| Microsoft Windows XP allows local users to prevent the system from booting via a corrupt explorer.exe.manifest file. |
| SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. |
| Compaq Tru64 4.0 d allows remote attackers to cause a denial of service in (1) telnet, (2) FTP, (3) ypbind, (4) rpc.lockd, (5) snmp, (6) ttdbserverd, and possibly other services via a TCP SYN scan, as demonstrated using nmap. |
| java.security.AccessController in Sun Java Virtual Machine (JVM) in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service (JVM crash) via a Java program that calls the doPrivileged method with a null argument. |
| SQL injection vulnerability in Mailidx before 20020105 allows remote attackers to execute arbitrary SQL commands via the search web page. |
| ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number. |
| Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. |
| The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session. |
| mosix-protocol-stack in Multicomputer Operating System for UnIX (MOSIX) 1.5.7 allows remote attackers to cause a denial of service via malformed packets. |
| Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of service (memory and CPU consumption) via a large number of RCPT TO: messages during an SMTP session. |
| cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp. |
| FTGate and FTGate Pro 1.05 lock user mailboxes before authentication succeeds, which allows remote attackers to lock the mailboxes of other users. |
| The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen. |
| Directory traversal vulnerability in index.php of Portix 0.4.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) l and (2) topic parameters. |
| Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request. |
