| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Windows Media Encoder allows remote attackers to cause a denial of service via a malformed request, aka the "Malformed Windows Media Encoder Request" vulnerability. |
| The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. |
| GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges. |
| A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered. |
| Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds. |
| Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length. |
| pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled. |
| eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords. |
| SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user. |
| Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability. |
| Blackboard CourseInfo 4.0 stores the local and SQL administrator user names and passwords in cleartext in a registry key whose access control allows users to access the passwords. |
| Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output. |
| Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header. |
| Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet. |
| Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages. |
| Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port. |
| The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability. |
| Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities. |
| A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email. |
| Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different. |
