| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. |
| The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords. |
| glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files. |
| The caching module in Netscape Fasttrack Server 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by requesting a large number of non-existent URLs. |
| Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "." |
| Directory traversal vulnerability in AOLserver 3.2 and earlier allows remote attackers to read arbitrary files by inserting "..." into the requested pathname, a modified .. (dot dot) attack. |
| iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote attackers to cause a denial of service via a long HTTP GET request that contains many "/../" (dot dot) sequences. |
| tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file. |
| Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process. |
| Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter. |
| Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type. |
| Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter. |
| Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ 1.20 allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
| SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| PHP remote file inclusion vulnerability in includes/functions_cms.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. |
| Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the "Attachment Converted" MIME header, which sends the file when the email is forwarded to the attacker by the user. |
| Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service (memory exhaustion) by repeatedly sending approximately 5K of data to TCP port 5238. |
| NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command. |
| Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount. |
| A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data. |