Critical · CVSS 9.8
Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.
Published Apr 21, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.
Published Apr 21, 2005 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, PDF.PdfCtrl.1) 1.3.188 for Acrobat Reader 4.0 allows remote attackers to execute arbitrary code via the pdf.setview method.
Published Apr 21, 2005 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method.
Published Apr 21, 2005 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow attackers to cause a core dump and possibly execute arbitrary code via "long input strings."
Published Apr 21, 2005 · Updated Aug 1, 2024
Unknown · CVSS Not scored
By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality.
Published Apr 21, 2005 · Updated Aug 1, 2024
Unknown · CVSS Not scored
The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the target machine.
Published Apr 21, 2005 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.
Published Apr 21, 2005 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in nslookup for AIX 4.3 allows local users to execute arbitrary code via a long hostname command line argument.
Published Apr 21, 2005 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Memory leak in Simple Network Management Protocol (SNMP) agent (snmp.exe) for Windows NT 4.0 before Service Pack 4 allows remote attackers to cause a denial of service (memory consumption) via a large number of SNMP packets with Object Identifiers (OIDs) that cannot be decoded.
Published Apr 21, 2005 · Updated Aug 1, 2024
Unknown · CVSS Not scored
The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands.
Published Apr 21, 2005 · Updated Aug 1, 2024
Unknown · CVSS Not scored
SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.
Published Apr 21, 2005 · Updated Aug 1, 2024
Unknown · CVSS Not scored
xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable.
Published Apr 2, 2003 · Updated Aug 1, 2024
Unknown · CVSS Not scored
rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
Published Apr 2, 2003 · Updated Aug 1, 2024
Unknown · CVSS Not scored
FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges.
Published Apr 2, 2003 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file.
Published Apr 25, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
Published Apr 25, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
xsoldier program allows local users to gain root access via a long argument.
Published Apr 18, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
Published Apr 25, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.
Published Apr 18, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.
Published Apr 25, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.
Published Apr 25, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable.
Published Apr 18, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
MajorCool mj_key_cache program allows local users to modify files via a symlink attack.
Published Apr 25, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack.
Published Apr 18, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.
Published Apr 18, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Firewall-1 does not properly restrict access to LDAP attributes.
Published Apr 25, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set.
Published Apr 25, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767.
Published Apr 18, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Published Apr 25, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load.
Published Apr 18, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.
Published Apr 25, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.
Published Apr 25, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
A remote attacker can read information from a Netscape user's cache via JavaScript.
Published Apr 18, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Cfingerd with ALLOW_EXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges.
Published Apr 18, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.
Published Apr 25, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location.
Published Apr 18, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.
Published Apr 25, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.
Published Apr 18, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
Published Apr 25, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in Solaris lpset program allows local users to gain root access.
Published Apr 18, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.
Published Apr 18, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.
Published Apr 18, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.
Published Apr 25, 2000 · Updated Aug 1, 2024