| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name. |
| PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts. |
| Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687). |
| Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA 0.9.1-8 and earlier, and 0.9.2 RC6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the form input fields. |
| The Java Web Server would allow remote users to obtain the source code for CGI programs. |
| Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command. |
| Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection. |
| In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages. |
| Vulnerability in the Wguest CGI program. |
| Buffer overflow in cddbd CD database server allows remote attackers to execute arbitrary commands via a long log message. |
| Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path. |
| The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension. |
| The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. |
| The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. |
| The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication. |
| Denial of service through Winpopup using large user names. |
| Vulnerability in CGI program in the Lasso application by Blue World, as used on WebSTAR and other servers, allows remote attackers to read arbitrary files. |
| AAA authentication on Cisco systems allows attackers to execute commands without authorization. |
| All records in a WINS database can be deleted through SNMP for a denial of service. |
| OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username. |
