| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr. |
| Buffer overflow in qpopper 3.0 beta versions allows local users to gain privileges via a long LIST command. |
| The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability. |
| Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist. |
| Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument. |
| The Make-a-Store OrderPage shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| The SalesCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| The SmartCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| The Shoptron shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| The EasyCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| Linux apcd program allows local attackers to modify arbitrary files via a symlink attack. |
| The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll. |
| Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program. |
| The shopping cart application provided with Filemaker allows remote users to modify sensitive purchase information via hidden form fields. |
| surfCONTROL SuperScout does not properly asign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions. |
| wwwthreads does not properly cleanse numeric data or table names that are passed to SQL queries, which allows remote attackers to gain privileges for wwwthreads forums. |
| Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack. |
| The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters. |
| Buffer overflow in SCO scohelp program allows remote attackers to execute commands. |