| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. |
| nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address. |
| Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable. |
| IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port. |
| /opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI. |
| Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information. |
| Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory. |
| vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes. |
| vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory. |
| Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long "From" header. |
| Reliant Unix 5.44 and earlier allows remote attackers to cause a denial of service via an ICMP port unreachable packet, which causes Reliant to drop all connections to the source address of the packet. |
| Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. |
| BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang. |
| REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts. |
| SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions. |
| Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files. |
| Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a denial of service (crash) via a DNS message without a question section, which triggers null dereference. |
| content.pl script in NCM Content Management System allows remote attackers to read arbitrary contents of the content database by inserting SQL characters into the id parameter. |
| Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/. |
| Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter. |
