| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request. |
| CC Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry. |
| The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option. |
| Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name. |
| The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents users from making license requests. |
| Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script. |
| Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system. |
| Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords. |
| Buffer overflow in Infoseek Ultraseek search engine allows remote attackers to execute commands via a long GET request. |
| wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress. |
| Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet. |
| Netscape Navigator uses weak encryption for storing a user's Netscape mail password. |
| War FTP Daemon 1.70 allows remote attackers to cause a denial of service by flooding it with connections. |
| Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command. |
| The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users. |
| A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6. |
| shopplus.cgi in ShopPlus shopping cart allows remote attackers to execute arbitrary commands via shell metacharacters in the "file" parameter. |
| An application-critical Windows NT registry key has inappropriate permissions. |
| An application-critical Windows NT registry key has an inappropriate value. |
| The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. |