| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. |
| Excite for Web Servers (EWS) allows remote command execution via shell metacharacters. |
| Remote command execution in Microsoft Internet Explorer using .lnk and .url files. |
| The Java Web Server would allow remote users to obtain the source code for CGI programs. |
| Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command. |
| In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages. |
| Vulnerability in the Wguest CGI program. |
| The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. |
| The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. |
| ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing. |
| The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost. |
| Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges. |
| Solaris volrmmount program allows attackers to read any file. |
| Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. |
| ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack. |
| Buffer overflow in FreeBSD lpd through long DNS hostnames. |
| Buffer overflow in SunOS/Solaris ps command. |
| SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server. |
| Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. |
| Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters. |