| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME, or (5) PUT. |
| Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option. |
| Buffer overflow in A1 HTTP server 1.0a allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request. |
| Directory traversal vulnerability in A1 HTTP server 1.0a allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. |
| VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command. |
| Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. |
| Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory. |
| Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords. |
| PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator. |
| Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows remote attackers to read arbitrary files via a .. (dot dot) in the GET command. |
| Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in a GET command, or (2) a ... in a CWD command. |
| Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a "dir *./../.." command. |
| Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command. |
| Directory traversal vulnerability in Simple Server HTTPd 1.0 (originally Free Java Server) allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
| Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request. |
| Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL. |
| oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack. |
| Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings. |
| Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL. |
| tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file. |