| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| NFS allows users to use a "cd .." command to access other directories besides the exported file system. |
| In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. |
| Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list. |
| Denial of service in syslog by sending it a large number of superfluous messages. |
| FormMail CGI program allows remote execution of commands. |
| FormMail CGI program can be used by web servers other than the host server that the program resides on. |
| The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server. |
| The Webgais program allows a remote user to execute arbitrary commands. |
| The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. |
| Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. |
| Linux implementations of TFTP would allow access to files outside the restricted directory. |
| When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. |
| In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters. |
| The passwd command in Solaris can be subjected to a denial of service. |
| Denial of service in Ascend and 3com routers, which can be rebooted by sending a zero length TCP option. |
| Denial of service in in.comsat allows attackers to generate messages. |
| Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1. |
| websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable). |
| finger 0@host on some systems may print information on some user accounts. |