| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password. |
| Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow. |
| Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data. |
| Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query. |
| Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. |
| Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba. |
| Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. |
| Web Crossing 4.x and 5.x allows remote attackers to cause a denial of service (crash) by sending a HTTP POST request with a large or negative Content-Length, which causes an integer divide-by-zero. |
| The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections. |
| IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via certain SQL code, possibly due to a SQL injection vulnerability. |
| Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag. |
| Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote attackers to execute arbitrary script as other users via the query parameter. |
| PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID. |
| palmhttpd for PalmOS allows remote attackers to cause a denial of service (crash) by establishing two simultaneous HTTP connections, which exceeds the PalmOS accept queue. |
| runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin. |
| Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module. |
| SQL injection vulnerability in MaxWebPortal allows remote attackers to inject arbitrary SQL code and gain sensitive information via the SendTo parameter in Personal Messages. |
| libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program. |
| Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows. |
| AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary files via a symlink attack on /tmp/AS.log. |
