| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module. |
| The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address. |
| Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches 2291 and 2848 allow a local user to create root-owned files leading to a root compromise. |
| Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a denial of service (crash) via a long string to the FTP port. |
| Directory traversal vulnerability in Jana proxy web server 1.40 allows remote attackers to ready arbitrary files via a "......" (modified dot dot) attack. |
| Livingston Portmaster routers running ComOS use the same initial sequence number (ISN) for TCP connections, which allows remote attackers to conduct spoofing and hijack TCP sessions. |
| HAMcards Postcard CGI script 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address. |
| Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows local users to gain privileges via a long command line argument. |
| Buffer overflow in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via a long request. |
| LakeWeb Mail List CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address. |
| SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses. |
| Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter. |
| tin 1.40 creates the .tin directory with insecure permissions, which allows local users to read passwords from the .inputhistory file. |
| Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags. |
| Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page. |
| Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue." |
| Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable. |
| phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. |
| Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack. |
| Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. |