| CVE | Vendors | Products | Updated | CVSS v3.1 |
| PHP remote file inclusion vulnerability in recipe/cookbook.php in CrisoftRicette 1.0pre15b allows remote attackers to execute arbitrary PHP code via a URL in the crisoftricette parameter. |
| Buffer overflow in Dosemu Slang library in Linux. |
| The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals the real pathname of the web document root. |
| The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. |
| Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable. |
| A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files. |
| wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. |
| A bug in Cyrix CPUs on Linux allows local users to perform a denial of service. |
| DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver. |
| Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution. |
| Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges. |
| IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability. |
| A buffer overflow in lsof allows local users to obtain root privilege. |
| Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests. |
| Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status. |
| Digital Unix Networker program nsralist has a buffer overflow which allows local users to obtain root privilege. |
| The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack. |
| By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. |
| Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server. |
| The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access. |