| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which "use external helper programs in an insecure manner." |
| Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scrpts with less restrictive privileges via a help:// URI. |
| Mac OS X 10.3.9, when using an LDAP server that does not use ldap_extended_operation, may store initial LDAP passwords for new accounts in plaintext. |
| Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument. |
| lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to escape the chroot environment by logging in with their full name. |
| The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy. |
| The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands. |
| Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. |
| includer.cgi in The Includer allows remote attackers to read arbitrary files via a full pathname in the argument, a similar vulnerability to CVE-2005-0801. |
| The ad.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. |
| Cross-site scripting (XSS) vulnerability in the ad.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. |
| The forum.pl script allows remote attackers to read arbitrary files via a full pathname in the argument. |
| Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation. |
| The ad.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. |
| text.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. |
| Cross-site scripting (XSS) vulnerability in text.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. |
| PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 allows remote attackers to execute arbitrary PHP code by modifying the path_prefix parameter to reference a URL on a remote web server that contains the code. |
| Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp. |
| Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID parameter to item.asp. |
| Pico Server (pServ) 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root. |
