| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". |
| The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack. |
| Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301. |
| Buffer overflow in Solaris lpset program allows local users to gain root access. |
| Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names. |
| The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in. |
| Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list. |
| Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack. |
| IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. |
| Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter. |
| FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email. |
| Denial of service in HP-UX SharedX recserv program. |
| phf CGI program allows remote command execution through shell metacharacters. |
| KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. |
| The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability. |
| KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. |
| Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. |
| Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP. |
| The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files. |
