| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log. |
| The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access. |
| SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. |
| SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| The DG/UX finger daemon allows remote command execution through shell metacharacters. |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters. |
| Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke. |
| IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. |
| Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service. |
| Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. |
| Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections. |
| The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability. |
| The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering. |
| A race condition in the Solaris ps command allows an attacker to overwrite critical files. |
| NFS cache poisoning. |
| WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield to continuously send itself copies of the e-mail. |
| NFS allows users to use a "cd .." command to access other directories besides the exported file system. |
| In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. |
| Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list. |
| Denial of service in syslog by sending it a large number of superfluous messages. |