| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file. |
| Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c. |
| Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. |
| Network HotSync program in Handspring Visor does not have authentication, which allows remote attackers to retrieve email and files. |
| Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF_Nuke 4.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) newsid parameter in the news sector, and (3) cat parameter in the links sector. |
| The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack. |
| The SSH authentication agent follows symlinks via a UNIX domain socket. |
| Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| A remote attacker can read information from a Netscape user's cache via JavaScript. |
| Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. |
| Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol. |
| Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges. |
| Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions." |
| SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and earlier allows remote attackers to execute arbitrary SQL commands via the msgid parameter. |
| ROUTERmate has a default SNMP community name which allows remote attackers to modify its configuration. |
| Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook. |
| Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet. |
| The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files. |
| Unspecified vulnerability in Internet Directory in Oracle Database Server 9i up to 9.2.0.6 and Application Server 9.0.2.3 up to 10.1.2.0 has unknown impact and attack vectors, aka Oracle Vuln# DB32 and AS06. |
| The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches. |
