CVE-1999-0613
The rpc.sprayd service is running.
CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack.
The recover program in Solstice Backup allows local users to restore sensitive files.
AIX techlibss allows local users to overwrite files via a symlink attack.
The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not prope
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure
registrar in the HP resource monitor service allows local users to read and modify arbitrary files b
Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to
Recourse ManTrap 1.6 modifies the kernel so that '..' does not appear in the /proc listing, which al
Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd
Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attacker
Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode
Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that n
StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directo
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack
rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on u
romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a sy
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows loca
lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which
The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, a
Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use s
Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when
Race condition in Linux kernel 2.6 allows local users to read the environment variables of another p
The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x t
Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kerne
The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and
The binfmt functionality in the Linux kernel, when 'memory overcommit' is enabled, allows local user
dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a
qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a sym
The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary f
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user
SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent
Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of mem
FluxBox 0.9.10 and earlier versions allows local users to cause a denial of service (application cra
lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local
lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and
IglooFTP 0.6.1, when recursively uploading a directory, allows local users to overwrite the files th
The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is
The change password functionality in Bottomline Webseries Payment Application does not require the o
The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm
Off-by-one error in the getfattr function in File::ExtAttr before 0.03 allows attackers to trigger a
dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which lea
Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the exis
Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (a
Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverab
Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to c
Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows
Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticat
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTT
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is
The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 fir
Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows co
Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attack
Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attacker
Unspecified vulnerability in the RDBMS component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10
Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.
Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x
Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal al
Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow re
Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler
Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSA
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server be
The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initi
net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain st
The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize
Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remot
Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure me
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated us
Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might
pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary fil
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, do
The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restric
Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated us
Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, wh
The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows lo
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage dom
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/gri
Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local
The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local
A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by t
Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.1
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrit
The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not
Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean AP
Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.
Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated us
The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and p
The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by list
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allo
The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows phy
Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before
Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend i
Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for Wo
Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and
Cross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when
Cross-site scripting (XSS) vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for D
Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8
MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when
MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is en
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 do
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly c
A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unkn
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of
A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, w
IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. T
IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacke
IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates
Improper verification when expanding ZIP64 archives in Lhaplus versions 1.73 and earlier may lead to
A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Ci
An out of bounds read was discovered in systemd-journald in the way it parses log messages that term
IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read O
A vulnerability was found in OSM Lab show-me-the-way. It has been rated as problematic. This issue a
A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problema
A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attack
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edi
A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affec
A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Aff
An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential securit
The 'Test Connection' available in v7.x of the Red Hat Single Sign On application console can permit
GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in internal database.
Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which all
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to ex
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote at
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote at
A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affe
A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Aff
IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privile
Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editor
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitra
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs t
ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files.
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS rac
The programming function of Shockwall system has an improper input validation vulnerability. An auth
vim is vulnerable to Heap-based Buffer Overflow
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity applicati
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 all
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allo
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivil
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get I
Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out
Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configura
The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Hime
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF check
The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input agai
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch an
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer wheth
A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulti
Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability
Deck is a kanban style organization tool aimed at personal planning and project organization for tea
Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ven
Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for inst
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 a
A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 1
The issue was addressed with improved validation of environment variables. This issue is fixed in iO
A privacy issue was addressed with improved private data redaction for log entries. This issue is fi
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO
A privacy issue was addressed with improved private data redaction for log entries. This issue is fi
Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for inst
Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a us
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash throug
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerab
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics f
A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard
A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problemati
A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1
Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows local att
A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, ca