| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable). |
| finger 0@host on some systems may print information on some user accounts. |
| Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value. |
| finger .@host on some systems may print information on some user accounts. |
| A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user. |
| The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands. |
| SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable. |
| In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program. |
| Sendmail 8.6.9 allows remote attackers to execute root commands, using ident. |
| Denial of service in Sendmail 8.6.11 and 8.6.12. |
| MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. |
| Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command. |
| Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. |
| Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone. |
| Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. |
| libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind. |
| Denial of service by sending forged ICMP unreachable packets. |
| Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file. |
| Routed allows attackers to append data to files. |
| Denial of service of inetd on Linux through SYN and RST packets. |
