Medium · CVSS 5.6
An issue was discovered on Mitel ICP VoIP 3100 devices. When a remote user attempts to log in via TELNET during the login wait time and an external call comes in, the system incorrectly divulges information about the call and any SMDR records generated by the system. The information provided includes the service type, extension number and other parameters, related to the call activity.
Published Apr 1, 2025 · Updated Apr 4, 2025
High · CVSS 7.3
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
Published Sep 1, 2004 · Updated Oct 29, 2024
Unknown · CVSS Not scored
secure.php in PY-Membres 4.2 and earlier allows remote attackers to bypass authentication by setting the adminpy parameter.
Published Sep 6, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem.
Published Jan 28, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5.0, and 5.1 allows LDAP clients to cause a denial of service (service halt).
Published Mar 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, do not perform sufficient sanity checking, with unknown impact.
Published Aug 18, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Demarc Puresecure 1.6 stores authentication information for the logging server in plaintext, which allows attackers to steal login names and passwords to gain privileges.
Published May 23, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors.
Published Jan 28, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
Published Oct 9, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files.
Published Apr 15, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Network Management Port on Sun Fire B1600 systems allows remote attackers to cause a denial of service (packet loss) via ARP packets, which cause all ports to become temporarily disabled.
Published Dec 2, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service.
Published Mar 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data.
Published Nov 16, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference.
Published Jul 25, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname.
Published Oct 1, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporary files insecurely, which could allow local users to overwrite arbitrary files as other users.
Published Jul 10, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.
Published Aug 14, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users to gain privileges.
Published Apr 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cook_id parameter.
Published Sep 6, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message.
Published Nov 16, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.
Published May 30, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot).
Published Sep 18, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris.
Published Oct 24, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering.
Published Sep 23, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
Published Nov 16, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.
Published Oct 25, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code.
Published Sep 12, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code.
Published Jun 18, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory.
Published Aug 23, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.
Published Sep 12, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user.
Published Sep 18, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection.
Published Oct 17, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Aug 23, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in Web Agent Administration service in web-tools for SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a long Name parameter to waadmin.wa.
Published Nov 21, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail.
Published Aug 21, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets.
Published Oct 26, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI.
Published Jun 24, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa.
Published Nov 21, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in EternalMart Mailing List Manager (EMLM) 1.32 allow remote attackers to execute arbitrary PHP code via a URL in (1) the emml_admin_path parameter to admin/auth.php or (2) the emml_path parameter to emml_email_func.php.
Published Dec 27, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors.
Published Mar 30, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header.
Published Oct 1, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information.
Published Oct 23, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.
Published May 10, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remote attackers to execute arbitrary code by creating long directory names and listing them with a LIST command.
Published Sep 6, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains "multiple extensions combined with large blocks of white space."
Published Oct 24, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server.
Published Aug 20, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries.
Published Dec 20, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manager (SFM) before 0.21 allows remote attackers to inject arbitrary web script or HTML via (1) file names and (2) directory names.
Published Jan 10, 2008 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Name Service Daemon (nsd), when running on an NIS master on SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via a UDP port scan.
Published Aug 18, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff network packets via the setuid helper applications (1) RunTCPDump, which calls tcpdump, and (2) RunTCPFlow, which calls tcpflow.
Published Aug 14, 2003 · Updated Sep 17, 2024