| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. |
| MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File. |
| Local user gains root privileges via buffer overflow in rdist, via expstr() function. |
| Local user gains root privileges via buffer overflow in rdist, via lookup() function. |
| DNS cache poisoning via BIND, by predictable query IDs. |
| root privileges via buffer overflow in pset command on SGI IRIX systems. |
| root privileges via buffer overflow in login/scheme command on SGI IRIX systems. |
| Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. |
| JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability. |
| Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users. |
| netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on IBM AIX exports /tmp over NFS as world-readable and world-writable. |
| Buffer overflow in xlock program allows local users to execute commands as root. |
| Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent. |
| Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. |
| IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash. |
| The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage. |
| Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link. |
| AnyForm CGI remote execution. |
| Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in the msgboxes.dbf file, which could allow local users to gain privileges by extracting the passwords from msgboxes.dbf. |
| CGI PHP mylog script allows an attacker to read any file on the target server. |
