| CVE | Vendors | Products | Updated | CVSS v3.1 |
| TeamTrack web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters. |
| classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form. |
| BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters. |
| BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable. |
| MBone SDR Package allows remote attackers to execute commands via shell metacharacters in Session Initiation Protocol (SIP) messages. |
| Denial of service in Debian IRC Epic/epic4 client via a long string. |
| Buffer overflow in mutt mail client allows remote attackers to execute commands via malformed MIME messages. |
| Mutt mail client allows a remote attacker to execute commands via shell metacharacters. |
| UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes. |
| Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator. |
| Local users can gain privileges using the debug utility in the MPE/iX operating system. |
| IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. |
| The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. |
| In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). |
| Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port. |
| A service or application has a backdoor password that was placed there by the developer. |
| An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). |
| A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso. |
| The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly. |