| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option. |
| Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. |
| Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet. |
| mmap function in BSD allows local attackers in the kmem group to modify memory through devices. |
| Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability. |
| buffer overflow in HP xlock program. |
| Buffer overflow in HP-UX cstm program allows local users to gain root privileges. |
| Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request. |
| HP-UX gwind program allows users to modify arbitrary files. |
| fpkg2swpk in HP-UX allows local users to gain root access. |
| Buffer overflow in Linux su command gives root access to local users. |
| HP ypbind allows attackers with root privileges to modify NIS data. |
| Buffer overflow in xmcd 2.1 allows local users to gain access through a user resource setting. |
| Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program. |
| SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files. |
| Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 does not properly initialize the grouplist for users who belong to a large number of groups, which could allow those users to gain access to resources that are protected by DFS. |
| Buffer overflow in Solaris kcms_configure command allows local users to gain root access. |
| Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) header parameter to (a) conad/include/rootGui.inc.php and (b) include/rootGui.inc.php; (2) mysqlCall parameter to (c) conad/changeEmail.inc.php, (d) conad/changeUserDetails.inc.php, (e) conad/checkPasswd.inc.php, (f) conad/login.inc.php and (g) conad/logout.inc.php; (3) mysqlcall parameter to (h) include/listall.inc.php; (4) prefix parameter to (i) show/index.php; and (5) config parameter to (j) conad/include/mysqlCall.inc.php. |
| The open() function in FreeBSD allows local attackers to write to arbitrary files. |
| SQL injection vulnerability in index.php in Infinite Core Technologies (ICT) 1.0 Gold and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter. |
