| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges. |
| ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory. |
| BeOS 5.0 allows remote attackers to cause a denial of service via fragmented TCP packets. |
| Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability. |
| Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users to gain root privileges via a long password in the screen locking function. |
| man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack. |
| Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. |
| Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| Allegro RomPager HTTP server allows remote attackers to cause a denial of service via a malformed authentication request. |
| Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory. |
| Windows 2000 allows a local user process to access another user's desktop within the same windows station, aka the "Desktop Separation" vulnerability. |
| QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program. |
| xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized. |
| Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names. |
| In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server. |
| Dragon FTP server allows remote attackers to cause a denial of service via a long USER command. |
| Dragon telnet server allows remote attackers to cause a denial of service via a long username. |
| Buffer overflow in Simple Network Time Sync (SMTS) daemon allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long string. |
| Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters. |
| Veritas Volume Manager creates a world writable .server_pids file, which allows local users to add arbitrary commands into the file, which is then executed by the vmsa_server script. |