| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter. |
| A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. |
| The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button. |
| The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred. |
| The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory. |
| A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail. |
| A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user. |
| The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. |
| Denial of service in HP-UX sendmail 8.8.6 related to accepting connections. |
| Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack. |
| Denial of service in "poll" in OpenBSD. |
| OpenBSD crash using nlink value in FFS and EXT2FS filesystems. |
| Buffer overflow in OpenBSD ping. |
| Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD. |
| Denial of service in AOL Instant Messenger when a remote attacker sends a malicious hyperlink to the receiving client, potentially causing a system crash. |
| Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability. |
| The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. |
| The ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses. |
| rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. |
| Denial of service in WinGate proxy through a buffer overflow in POP3. |
