| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| vqSoft vqServer stores sensitive information such as passwords in cleartext in the server.cfg file, which allows attackers to gain privileges. |
| WindMail allows remote attackers to read arbitrary files or execute commands via shell metacharacters. |
| The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device. |
| AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to cause a denial of service via a short GET request to cgi-bin. |
| The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication. |
| Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts. |
| cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain privileges by loading a user provided library while restarting the checkpointed process. |
| IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. |
| wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead. |
| Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges. |
| The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program. |
| The crypt function in QNX uses weak encryption, which allows local users to decrypt passwords. |
| x11.c in xonix 1.4 and earlier uses the current working directory to find and execute the rmail program, which allows local users to execute arbitrary code by modifying the path to point to a malicious rmail program. |
| Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability. |
| Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL. |
| CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN. |
| Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability. |
| BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers. |
| Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command. |
| Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file. |
