| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI. |
| Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file. |
| The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. NOTE: another researcher has not been able to reproduce this issue. |
| Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module. |
| PHP remote file include vulnerability in index.php in Tasarim Rehberi allows remote attackers to execute arbitrary PHP code via a URL in the (1) sayfaadi or (2) sayfa parameter. NOTE: this might be a site-specific issue. If so, it should not be included in CVE. |
| TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges. |
| BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges. |
| bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and bb-ack.sh in Big Brother (BB) before 1.5d3 allows remote attackers to determine the existence of files and user ID's by specifying the target file in the HISTFILE parameter. |
| PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator. |
| Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. |
| Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier. |
| SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and possibly other platforms and operating systems, installs two ActiveX controls that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via a malicious web page that references (1) the Launch control, or (2) the RegObj control. |
| PowerChute plus 5.0.2 creates a "Pwrchute" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory. |
| Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename. |
| Buffer overflow in web-admin tool in NetXRay 2.6 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request. |
| Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument. |
| LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges. |
| Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command. |
| Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL. |
| SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and 1.62 allows remote attackers to execute arbitrary SQL commands via the sort_by parameter. |
