| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges. |
| The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges. |
| Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote attackers to cause a denial of service. |
| editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits. |
| StarOffice StarScheduler web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| Format string vulnerability in IMAP4 in IA eMailServer Corporate Edition 5.2.2 build 1051 allows remote attackers to cause a denial of service (application crash) via a LIST command with format string specifiers as the second argument. |
| PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116. |
| MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. |
| Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command. |
| The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist. |
| Buffer overflow in ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability. |
| When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password. |
| Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL. |
| CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN. |
| BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers. |
| Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL. |
| Buffer overflow in the Napster client beta 5 allows remote attackers to cause a denial of service via a long message. |
| TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program. |
| The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon. |
| Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands. |