| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters. |
| AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled. |
| Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements. |
| Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems. |
| Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. |
| ptylogin in Unix systems allows users to perform a denial of service by locking out modems, dial out with that modem, or obtain passwords. |
| MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. |
| NetWare version of LaserFiche stores usernames and passwords unencrypted, and allows administrative changes without logging. |
| WS_FTP server remote denial of service through cwd command. |
| Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables (1) APPL_PHYSICAL_PATH, (2) PATH_TRANSLATED, and (3) LOCAL_ADDR. |
| SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise. |
| article.php in PHP FirstPost 0.1 allows allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message. |
| Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. |
| poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file. |
| categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathname in an error message. |
| OpenBSD kernel crash through TSS handling, as caused by the crashme program. |
| BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request. |
| filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter. |
| OpenBSD crash using nlink value in FFS and EXT2FS filesystems. |
| Buffer overflow in OpenBSD ping. |