| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges. |
| Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe. |
| Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets." |
| nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests. |
| LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address. |
| Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation. |
| Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands. |
| login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table. |
| The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands. |
| Belkin 54G (F5D7130) wireless router allows remote attackers to access restricted resources by sniffing URIs from UPNP datagrams, then accessing those URIs, which do not require authentication. |
| Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier have unknown impact and unspecified attack vectors, in one or more of the (1) Download, (2) Search, (3) Web links, (4) Blocks, (5) Messages, (6) News, (7) Comments, (8) Settings, (9) Stats or (10) subjects modules. |
| Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges. |
| Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument. |
| rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not. |
| Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash). |
| Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point before 1.03.12 allows remote attackers to obtain sensitive information via the web interface. |
| IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. |
| Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server. |
| Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in the msgboxes.dbf file, which could allow local users to gain privileges by extracting the passwords from msgboxes.dbf. |
| vacm ucd-snmp SNMP server, version 3.52, does not properly disable access to the public community string, which could allow remote attackers to obtain sensitive information. |
