| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant for development and testing, which logs user names and passwords in cleartext in the test.log file. |
| NFS allows users to use a "cd .." command to access other directories besides the exported file system. |
| Development version of Breeze Network Server allows remote attackers to cause the system to reboot by accessing the configbreeze CGI program. |
| In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. |
| RealSystem G2 server stores the administrator password in cleartext in a world-readable configuration file, which allows local users to gain privileges. |
| Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack. |
| The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. |
| NFS allows attackers to read and write any file on the system by specifying a false UID. |
| Opera 3.2.1 allows remote attackers to cause a denial of service (application crash) via a URL that contains an extra / in the http:// tag. |
| Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list. |
| Denial of service in syslog by sending it a large number of superfluous messages. |
| Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share. |
| NukeNabber allows remote attackers to cause a denial of service by connecting to the NukeNabber port (1080) without sending any data, which causes the CPU usage to rise to 100% from the report.exe program that is executed upon the connection. |
| Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111. |
| Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed. |
| finger .@host on some systems may print information on some user accounts. |
| Format string vulnerability in the WriteText function in agl_text.cpp in Milan Mimica Sparklet 0.9.4 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a player nickname. |
| CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack. |
| Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupmax Collaboration Portal and Web Client before 07-20-/D, and uCosminexus Collaboration Portal and Forum/File Sharing before 06-20-/C, allow remote attackers to "execute malicious scripts" via unknown vectors (aka HS06-014-01). |
| NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process. |
