| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR allows remote attackers to cause a denial of service via certain packets to PPTP port 1723 on the internal interface. |
| Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool. |
| Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter. |
| eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. |
| Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter. |
| Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI. |
| Multiple buffer overflows in Orville Write (orville-write) 2.53 and earlier allow local users to gain privileges. |
| Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attackers to execute arbitrary code via a PNG image of certain color depths. |
| Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options. |
| Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent. |
| Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow. |
| Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments. |
| Buffer overflows in osh before 1.7-11 allow local users to execute arbitrary code and bypass shell restrictions via (1) long environment variables or (2) long "file redirections." |
| traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow. |
| Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local users to gain privileges via a long HOME environment variable. |
| The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated. |
| Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges. |
| The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service. |
| /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. |
| A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). |
