| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings. |
| Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings. |
| Buffer overflow in HPUX passwd command allows local users to gain root privileges via a command line option. |
| fpkg2swpk in HP-UX allows local users to gain root access. |
| The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character). |
| Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service. |
| Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the "swait" state is used by a server. |
| HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation. |
| Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group. |
| Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly execute arbitrary commands. |
| Denial of service in HP-UX SharedX recserv program. |
| HP-UX vgdisplay program gives root access to local users. |
| The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. |
| stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs. |
| Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack. |
| HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption. |
| Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. |
| registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable. |
| Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges. |
| The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization. |
