| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag. |
| Seapine Software TestTrack server allows a remote attacker to cause a denial of service (high CPU) via (1) TestTrackWeb.exe and (2) ttcgi.exe by connecting to port 99 and disconnecting without sending any data. |
| Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator. |
| UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes. |
| MBone SDR Package allows remote attackers to execute commands via shell metacharacters in Session Initiation Protocol (SIP) messages. |
| Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher. |
| Buffer overflow in iParty server 1.2 and earlier allows remote attackers to cause a denial of service (crash) by connecting to default port 6004 and sending repeated extended characters. |
| BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable. |
| M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted "rule definitions", which produces dangerous Java code during M4 transformation. |
| BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters. |
| write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php. |
| Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |
| classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters. |
| FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes. |
| TeamTrack web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending "incorrect information ... regarding the package name/creator," which leads to a "memory overwrite." |
| Nachuatec D435 and D445 printer allows remote attackers to cause a denial of service via ICMP redirect storm. |
| Mediahouse Statistics Server allows remote attackers to read the administrator password, which is stored in cleartext in the ss.cfg file. |
| Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection. |
| Buffer overflow in Mediahouse Statistics Server allows remote attackers to execute commands. |
