| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in University of Washington's implementation of IMAP and POP servers. |
| IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. |
| Vacation program allows command execution by remote users through a sendmail command. |
| Buffer overflow in AIX lquerylv program gives root access to local users. |
| Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker with physical access to the system and Combine_Key_Parts permissions, to steal DES and 3DES keys by using a brute force attack to create a 3DES exporter key. |
| IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. |
| The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. |
| IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string. |
| Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin. |
| AIX techlibss allows local users to overwrite files via a symlink attack. |
| Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others. |
| Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag. |
| lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory. |
| Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow attackers to cause a core dump and possibly execute arbitrary code via "long input strings." |
| Buffer overflow in nslookup for AIX 4.3 allows local users to execute arbitrary code via a long hostname command line argument. |
| IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack. |
| Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC). |
| HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications. |
| By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request. |
| NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0.3, and possibly other versions allows remote attackers to cause a denial of service (deep recursion and nHTTP.exe process crash) via a long GET request containing UNICODE decimal value 430 characters, which causes the stack to be exhausted. NOTE: IBM has reported that it is unable to replicate this issue. |