| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files. |
| LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a denial of service via a NULL policy handle in a call to (1) SamrOpenDomain, (2) SamrEnumDomainUsers, and (3) SamrQueryDomainInfo. |
| KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps. |
| Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users. |
| StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice. |
| NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the network and easily decrypt usernames and passwords. |
| NAI Sniffer Agent allows remote attackers to cause a denial of service (crash) by sending a large number of login requests. |
| Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users. |
| IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. |
| Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. |
| Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter. |
| Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitrary commands via a long GET request. |
| KeyFocus (KF) web server 1.0.2 allows remote attackers to list directories and read restricted files via an HTTP request containing a %00 (null) character. |
| Poster version.two allows remote authenticated users to gain administrative privileges by appending the "|" field separator and an "admin" value into the email address field. |
| Squid Internet Object Cache 1.1.20 allows users to bypass access control lists (ACLs) by encoding the URL with hexadecimal escape sequences. |
| Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request. |
| iPass RoamServer 3.1 creates temporary files with world-writable permissions. |
| Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and earlier allows a remote attacker to read arbitrary files via a .. (dot dot) attack in the helpon parameter. |
| Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field. |
| Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information. |
