| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter. |
| The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. |
| Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header. |
| Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. |
| The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method. |
| Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string. |
| Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address. |
| phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute arbitrary commands via an SMS message containing shell metacharacters. |
| IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. |
| Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which prevents the server from accepting valid PASV. |
| periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack. |
| HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities. |
| Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request. |
| Etype Eserv 2.97 allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command. |
| Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed. |
| Small HTTP Server 2.01 allows remote attackers to cause a denial of service by connecting to the server and sending out multiple GET, HEAD, or POST requests and closing the connection before the server responds to the requests. |
| Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension. |
| Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack. |
| tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files. |
| getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
