| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability. |
| WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation. |
| SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter. |
| BeOS 5.0 allows remote attackers to cause a denial of service via fragmented TCP packets. |
| The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call. |
| The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information. |
| Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command. |
| The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys. |
| HP Web JetAdmin 6.0 allows remote attackers to cause a denial of service via a malformed URL to port 8000. |
| The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command. |
| Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems. |
| NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option. |
| Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability. |
| Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years. |
| Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter. |
| Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands. |
| SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page. |
| MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack. |
| The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages. |