| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow. |
| PHP remote file inclusion vulnerability in copyright.php in Olaf Noehring The Search Engine Project (TSEP) 0.942 allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter. |
| Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed. |
| Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors. |
| SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme. |
| List of arbitrary files on Web host via nph-test-cgi script. |
| Vacation program allows command execution by remote users through a sendmail command. |
| CGI PHP mylog script allows an attacker to read any file on the target server. |
| php.cgi allows attackers to read any file on the system. |
| Buffer overflow in Solaris kcms_configure command allows local users to gain root access. |
| The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges. |
| The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability. |
| IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability. |
| Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability. |
| The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method. |
| Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability. |
| Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root. |
| Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability. |
| PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. |
| IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. |
