| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests. |
| banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication. |
| GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. |
| time server daemon timed allows remote attackers to cause a denial of service via malformed packets. |
| IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters. |
| Navision Financials Server 2.0 allows remote attackers to cause a denial of service via a series of connections to the server without providing a username/password combination, which consumes the license limits. |
| Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory. |
| Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument. |
| Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing. |
| The pre-login mode in the System Administrator interface of Lightwave ConsoleServer 3200 allows remote attackers to obtain sensitive information such as system status, configuration, and users. |
| Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long SMTP HELO command. |
| The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon. |
| NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version. |
| Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request. |
| nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address. |
| /opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI. |
| ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall. |
| Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient. |
| sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page. |
| Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot). |
