| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (ABEND) via a long module name. |
| Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation. |
| Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted. |
| Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters. |
| The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option. |
| The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler. |
| The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages. |
| The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack. |
| The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges. |
| Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header. |
| Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user's .breakyhighscores file to the target file. |
| The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies. |
| mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories. |
| Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges. |
| MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter. |
| Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144. |
| Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. |
| Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure." |
| Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter. |
| The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data. |
