| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors. |
| Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to execute arbitrary code via a long FTP "220" message reply. |
| Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of certain mount_union commands. |
| Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess. |
| The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an encapsulated Postscript (EPS) file. |
| configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when downloaded from monkey.org on May 17, 2002, has been modified to contain a backdoor, which allows remote attackers to access the system. |
| Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE. |
| TeeKai Forum 1.2 allows remote attackers to authenticate as the administrator and and gain privileged web forum access by setting the valid_level cookie to admin. |
| Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Tracking Online 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows remote attackers to inject arbitrary web script or HTML via the valid_username_online cookie. |
| TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'. |
| TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'. |
| isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain administrative access via by setting the photo_login cookie to pseudo. |
| WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root. |
| BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. |
| East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. |
| Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. |
| Microsoft Windows XP allows local users to prevent the system from booting via a corrupt explorer.exe.manifest file. |
| gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file. |
| Compaq Tru64 4.0 d allows remote attackers to cause a denial of service in (1) telnet, (2) FTP, (3) ypbind, (4) rpc.lockd, (5) snmp, (6) ttdbserverd, and possibly other services via a TCP SYN scan, as demonstrated using nmap. |
