| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value. |
| The Content Scanner Server in F-Secure Anti-Virus for Microsoft Exchange 6.21 and earlier, F-Secure Anti-Virus for Microsoft Exchange 6.01 and earlier, and F-Secure Internet Gatekeeper 6.32 and earlier allow remote attackers to cause a denial of service (service crash due to unhandled exception) via a certain malformed packet. |
| SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 and earlier allows remote attackers to execute arbitrary SQL commands. |
| Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an .ETD document containing format string specifiers in (1) title or (2) baseurl fields. |
| Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. |
| mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' (quote) value in the lng parameter, which reveals the path in an error message. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| DNS cache poisoning via BIND, by predictable query IDs. |
| root privileges via buffer overflow in xlock command on SGI IRIX systems. |
| JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability. |
| Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked. |
| Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. |
| OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. |
| Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. |
| Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. |
| Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key. |
| IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files. |
| Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail. |
| Buffer overflow in xlock program allows local users to execute commands as root. |
| OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack. |
