| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands. |
| WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter. |
| Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request. |
| Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. |
| IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program. |
| Denial of service in Savant web server via a null character in the requested URL. |
| CascadeView TFTP server allows local users to gain privileges via a symlink attack. |
| Buffer overflow in Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service or execute commands via a long username. |
| Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter. |
| wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file. |
| IMail POP3 daemon uses weak encryption, which allows local users to read files. |
| DNS PRO allows remote attackers to conduct a denial of service via a large number of connections. |
| Lotus Domino HTTP server allows remote attackers to determine the real path of the server via a request to a non-existent script in /cgi-bin. |
| Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory. |
| Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL. |
| IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. |
| IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. |
| Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string. |
| IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack. |
| Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. |