Unknown · CVSS Not scored
Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local users to modify critical information such as certain CPU registers and segment descriptors.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3.51 for Windows NT has allows remote attackers to execute arbitrary code via a certain configuration parameter.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in Trend Micro InterScan VirusWall 3.5.1 allows remote attackers to execute arbitrary code.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not properly terminate certain strings with a null, which allows remote attackers to cause a denial of service.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 allows an xterm session to gain privileges when the session is reused.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Published Aug 4, 2015 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock).
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang).
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in TrendMicro Virus Control System 1.8 allows a remote attacker to view configuration files and change the configuration via a certain CGI program.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20).
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service (memory exhaustion) by repeatedly sending approximately 5K of data to TCP port 5238.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a denial of service (crash) via a long string to port 514.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to read arbitrary files on the web server via a URL with "dot dot" sequences in the template argument.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the "admin" password, or (2) connect to a MySQL ODBC from the management tier using a blank password.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a denial of service (crash) via a long string.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial of service via a long HTTP request.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial of service by repeatedly issuing an invalid CD or CWD ("CD . .") command.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker to retrieve privileged web server system information by (1) issuing a CD command (CD C:) followed by the LS command, (2) specifying arbitrary paths in the UNC format (\\computername\sharename).
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a remote attacker to cause a denial of service via a long (1) username or (2) password.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by making repeated requests to cd to the floppy drive (A:\).
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
A buffer overflow in reggo.dll file used by Trend Micro InterScan VirusWall prior to 3.51 build 1349 for Windows NT 3.5 and InterScan WebManager 1.2 allows a local attacker to execute arbitrary code.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a hexadecimal encoded dot-dot attack (eg. http://www.server.com/%2e%2e/%2e%2e) in an HTTP URL request.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service by sending seven or more characters to TCP port 5239.
Published Aug 29, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in Raytheon SilentRunner allow remote attackers to (1) cause a denial of service in the collector (cle.exe) component of SilentRunner 2.0 via traffic containing long passwords, or (2) execute arbitrary commands via long HTTP queries in the Knowledge Browser component in SilentRunner 2.0 and 2.0.1. NOTE: It is highly likely that this candidate will be split into multiple candidates.
Published Aug 29, 2001 · Updated Aug 8, 2024