| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module. |
| The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy." |
| The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link. |
| Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. |
| A Unix account has a default, null, blank, or missing password. |
| Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username. |
| gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust. |
| sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack. |
| inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
| arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
| mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
| squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
| glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files. |
| mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands. |
| Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files. |
| Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group. |
| Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack. |
| Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. |
| Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters. |
| w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies. |
