| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering. |
| In older versions of Sendmail, an attacker could use a pipe character to execute root commands. |
| A race condition in the Solaris ps command allows an attacker to overwrite critical files. |
| NFS cache poisoning. |
| NFS allows users to use a "cd .." command to access other directories besides the exported file system. |
| In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. |
| NFS allows attackers to read and write any file on the system by specifying a false UID. |
| Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list. |
| Denial of service in syslog by sending it a large number of superfluous messages. |
| FormMail CGI program allows remote execution of commands. |
| FormMail CGI program can be used by web servers other than the host server that the program resides on. |
| The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server. |
| The Webgais program allows a remote user to execute arbitrary commands. |
| The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. |
| In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters. |
| The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands. |
| Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. |
| Linux implementations of TFTP would allow access to files outside the restricted directory. |
| When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. |
