| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in KillProcess 2.20 and earlier allows user-assisted attackers to execute arbitrary code via an exe file with a long FileDescription in the version resource. |
| A NETBIOS/SMB share password is guessable. |
| Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set. |
| Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable. |
| A router or firewall forwards external packets that claim to come from inside the network that the router/firewall is in front of. |
| Buffer overflow in escputil, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long printer-name command line argument. |
| Team Factor 1.25 and earlier allows remote attackers to cause a denial of service (crash) via a packet that uses a negative number to specify the size of the data block that follows, which causes Team Factor to read unallocated memory. |
| A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. |
| A password for accessing a WWW URL is guessable. |
| ml85p, as included in the printer-drivers package for Mandrake Linux, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable filenames of the form "mlg85p%d". |
| Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." (triple dot) followed by an onmouseover event. |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php. |
| A superfluous NFS server is running, but it is not importing or exporting any file systems. |
| Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters. |
| Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses. |
| Buffer overflow in AIX dtterm program for the CDE. |
| Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter. |
| Symbol Access Portable Data Terminal (PDT) 8100 does not hide the default WEP keys if they are not changed, which could allow attackers to retrieve the keys and gain access to the wireless network. |
| Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. |
| Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a 1024-byte TCP stream message, which triggers an off-by-one buffer overflow, or (2) a long method name in an HTTP request, (3) a long version number in an HTTP request, (4) a long User-Agent header, or (5) a long file path. |
