| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field. |
| Excite for Web Servers (EWS) allows remote command execution via shell metacharacters. |
| ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server. |
| Remote command execution in Microsoft Internet Explorer using .lnk and .url files. |
| Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. |
| SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and possibly other platforms and operating systems, installs two ActiveX controls that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via a malicious web page that references (1) the Launch control, or (2) the RegObj control. |
| The info2www CGI script allows remote file access or remote command execution. |
| Vulnerability in HP OpenView Network Node Manager (NNM) version 6.1 related to passwords. |
| ICMP redirect messages may crash or lock up a host. |
| Some implementations of rlogin allow root access if given a -froot parameter. |
| AIX bugfiler program allows local users to gain root access. |
| Local users can execute commands as other users, and read other users' files, through the filter command in the Elm elm-2.4 mail package using a symlink attack. |
| Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood. |
| CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable. |
| AIX passwd allows local users to gain root access. |
| Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php. |
| AIX infod allows local users to gain root access through an X display. |
| xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URLs, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters. |
| Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter. |
| Windows NT 4.0 beta allows users to read and delete shares. |