| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013. |
| rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. |
| A Unix account has a guessable password. |
| Partial Links 1.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) page_footer.php and (2) page_header.php, which displays the path in an error message. |
| An SNMP community name is guessable. |
| A NETBIOS/SMB share password is the default, null, or missing. |
| The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002. |
| Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string. |
| Denial of service in talk program allows remote attackers to disrupt a user's display. |
| A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. |
| Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands. |
| HP Remote Watch allows a remote user to gain root access. |
| Some configurations of NIS+ in Linux allowed attackers to log in as the user "+". |
| Linux cfingerd could be exploited to gain root access. |
| Remote attackers can access mail files via POP3 in some Linux systems that are using shadow passwords. |
| Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. |
| ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. |
| Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. |
| Bash treats any character with a value of 255 as a command separator. |
| Denial of service in Windows NT IIS server using ..\.. |