| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. |
| DPEC Online Courseware allows an attacker to change another user's password without knowing the original password. |
| A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server. |
| A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. |
| The demo version of the Quakenbush NT Password Appraiser sends passwords across the network in plaintext. |
| In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login. |
| The DCC server command in the Mirc 5.5 client doesn't filter characters from file names properly, allowing remote attackers to place a malicious file in a different location, possibly allowing the attacker to execute commands. |
| Denial of service in Linux 2.2.0 running the ldd command on a core file. |
| A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files. |
| wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. |
| A bug in Cyrix CPUs on Linux allows local users to perform a denial of service. |
| Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution. |
| A buffer overflow in lsof allows local users to obtain root privilege. |
| Digital Unix Networker program nsralist has a buffer overflow which allows local users to obtain root privilege. |
| By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. |
| Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server. |
| Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access. |
| The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access. |
| Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, including S84rpcinit, S95nis, S85tcp, and S89nfs, are vulnerable to a symlink attack, allowing a local user to gain root access. |
| In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. |