Vendor CVEs
Sgi
All CVEs
263 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-0248 | Cri | 0.65 | 9.8 | 0.11 | Jun 18, 2001 | Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings. | ||
| CVE-2001-0249 | Cri | 0.65 | 9.8 | 0.20 | Jun 18, 2001 | Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings. | ||
| CVE-2003-0174 | Cri | 0.64 | 9.8 | 0.01 | May 12, 2003 | The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password. | ||
| CVE-1999-0029 | Hig | 0.58 | 8.4 | 0.01 | Jul 16, 1997 | root privileges via buffer overflow in ordist command on SGI IRIX systems. | ||
| CVE-1999-0036 | Hig | 0.58 | 8.4 | 0.01 | May 26, 1997 | IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files. | ||
| CVE-1999-0038 | Hig | 0.58 | 8.4 | 0.01 | Apr 26, 1997 | Buffer overflow in xlock program allows local users to execute commands as root. | ||
| CVE-1999-0039 | Hig | 0.52 | 7.3 | 0.16 | May 6, 1997 | webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter. | ||
| CVE-1999-0022 | Hig | 0.51 | 7.8 | 0.01 | Jul 3, 1996 | Local user gains root privileges via buffer overflow in rdist, via expstr() function. | ||
| CVE-2004-0079 | Hig | 0.50 | 7.5 | 0.10 | Nov 23, 2004 | The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | ||
| CVE-1999-0059 | Hig | 0.48 | 7.3 | 0.02 | Jul 14, 1997 | IRIX fam service allows an attacker to obtain a list of all files on the server. | ||
| CVE-2024-45769 | Med | 0.36 | 5.5 | 0.00 | Sep 19, 2024 | A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash. | ||
| CVE-1999-0035 | Med | 0.35 | 5.4 | 0.01 | May 29, 1997 | Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. | ||
| CVE-2024-45770 | Med | 0.29 | 4.4 | 0.00 | Sep 19, 2024 | A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with… | ||
| CVE-1999-0524 | Med | 0.29 | 4.0 | 0.32 | Aug 1, 1997 | ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | ||
| CVE-2001-0797 | 0.10 | — | 0.89 | Dec 12, 2001 | Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin. | |||
| CVE-2003-0694 | 0.08 | — | 0.60 | Oct 6, 2003 | The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. | |||
| CVE-2002-1318 | 0.07 | — | 0.52 | Dec 11, 2002 | Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode… | |||
| CVE-2001-0800 | 0.07 | — | 0.54 | Dec 6, 2001 | lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. | |||
| CVE-2001-0554 | 0.06 | — | 0.38 | Aug 14, 2001 | Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. | |||
| CVE-2010-1039 | 0.05 | — | 0.20 | May 20, 2010 | Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code… | |||
| CVE-2004-0519 | 0.05 | — | 0.23 | Aug 18, 2004 | Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. | |||
| CVE-2004-0110 | 0.05 | — | 0.24 | Mar 15, 2004 | Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. | |||
| CVE-2004-0104 | 0.05 | — | 0.26 | Mar 3, 2004 | Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. | |||
| CVE-2002-1317 | 0.05 | — | 0.24 | Dec 11, 2002 | Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query. | |||
| CVE-2001-0247 | 0.05 | — | 0.19 | Jun 18, 2001 | Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3. | |||
| CVE-1999-0003 | 0.05 | — | 0.24 | Apr 1, 1998 | Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd). | |||
| CVE-2007-4938 | 0.04 | — | 0.16 | Sep 18, 2007 | Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a… | |||
| CVE-2004-1471 | 0.04 | — | 0.08 | Dec 31, 2004 | Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper… | |||
| CVE-2004-0520 | 0.04 | — | 0.07 | Aug 18, 2004 | Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. | |||
| CVE-2004-0416 | 0.04 | — | 0.13 | Aug 6, 2004 | Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. | |||
| CVE-2003-0795 | 0.04 | — | 0.08 | Dec 15, 2003 | The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which… | |||
| CVE-2002-0652 | 0.04 | — | 0.09 | Jul 3, 2002 | xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs(). | |||
| CVE-2000-0844 | 0.04 | — | 0.15 | Nov 14, 2000 | Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. | |||
| CVE-2000-0733 | 0.04 | — | 0.12 | Oct 20, 2000 | Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request. | |||
| CVE-2000-0704 | 0.04 | — | 0.13 | Oct 20, 2000 | Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands. | |||
| CVE-2000-0245 | 0.04 | — | 0.12 | Mar 27, 2000 | Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts. | |||
| CVE-2000-0207 | 0.04 | — | 0.08 | Mar 1, 2000 | SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters. | |||
| CVE-2000-1220 | 0.04 | — | 0.14 | Jan 8, 2000 | The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file. | |||
| CVE-2000-1221 | 0.04 | — | 0.17 | Jan 8, 2000 | The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended… | |||
| CVE-1999-0009 | 0.04 | — | 0.29 | Apr 8, 1998 | Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. | |||
| CVE-1999-0018 | 0.04 | — | 0.10 | Dec 5, 1997 | Buffer overflow in statd allows root privileges. | |||
| CVE-1999-0148 | 0.04 | — | 0.10 | Sep 1, 1997 | The handler CGI program in IRIX allows arbitrary command execution. | |||
| CVE-1999-0025 | 0.04 | — | 0.12 | Jul 16, 1997 | root privileges via buffer overflow in df command on SGI IRIX systems. | |||
| CVE-1999-0208 | 0.04 | — | 0.13 | Dec 12, 1995 | rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. | |||
| CVE-2005-2925 | 0.03 | — | 0.01 | Oct 12, 2005 | runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin. | |||
| CVE-2005-0465 | 0.03 | — | 0.01 | May 2, 2005 | gr_osview in SGI IRIX does not drop privileges before opening files, which allows local users to overwrite arbitrary files via the -s option. | |||
| CVE-2005-0464 | 0.03 | — | 0.01 | May 2, 2005 | gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does not drop privileges when opening description files while in debug mode, which allows local users to read a line from arbitrary files via the -d and -D options, which prints the line as a formatting error. | |||
| CVE-2005-0156 | 0.03 | — | 0.01 | Feb 7, 2005 | Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. | |||
| CVE-2004-0233 | 0.03 | — | 0.01 | Aug 18, 2004 | Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files. | |||
| CVE-2004-0639 | 0.03 | — | 0.06 | Aug 6, 2004 | Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors… |
- risk 0.65cvss 9.8epss 0.11
Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.
- risk 0.65cvss 9.8epss 0.20
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.
- risk 0.64cvss 9.8epss 0.01
The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.
- risk 0.58cvss 8.4epss 0.01
root privileges via buffer overflow in ordist command on SGI IRIX systems.
- risk 0.58cvss 8.4epss 0.01
IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.
- risk 0.58cvss 8.4epss 0.01
Buffer overflow in xlock program allows local users to execute commands as root.
- risk 0.52cvss 7.3epss 0.16
webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.
- risk 0.51cvss 7.8epss 0.01
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
- risk 0.50cvss 7.5epss 0.10
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
- risk 0.48cvss 7.3epss 0.02
IRIX fam service allows an attacker to obtain a list of all files on the server.
- risk 0.36cvss 5.5epss 0.00
A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.
- risk 0.35cvss 5.4epss 0.01
Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.
- risk 0.29cvss 4.4epss 0.00
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with…
- risk 0.29cvss 4.0epss 0.32
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
- CVE-2001-0797Dec 12, 2001risk 0.10cvss —epss 0.89
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
- CVE-2003-0694Oct 6, 2003risk 0.08cvss —epss 0.60
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
- CVE-2002-1318Dec 11, 2002risk 0.07cvss —epss 0.52
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode…
- CVE-2001-0800Dec 6, 2001risk 0.07cvss —epss 0.54
lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
- CVE-2001-0554Aug 14, 2001risk 0.06cvss —epss 0.38
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
- CVE-2010-1039May 20, 2010risk 0.05cvss —epss 0.20
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code…
- CVE-2004-0519Aug 18, 2004risk 0.05cvss —epss 0.23
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
- CVE-2004-0110Mar 15, 2004risk 0.05cvss —epss 0.24
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
- CVE-2004-0104Mar 3, 2004risk 0.05cvss —epss 0.26
Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
- CVE-2002-1317Dec 11, 2002risk 0.05cvss —epss 0.24
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
- CVE-2001-0247Jun 18, 2001risk 0.05cvss —epss 0.19
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
- CVE-1999-0003Apr 1, 1998risk 0.05cvss —epss 0.24
Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).
- CVE-2007-4938Sep 18, 2007risk 0.04cvss —epss 0.16
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a…
- CVE-2004-1471Dec 31, 2004risk 0.04cvss —epss 0.08
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper…
- CVE-2004-0520Aug 18, 2004risk 0.04cvss —epss 0.07
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
- CVE-2004-0416Aug 6, 2004risk 0.04cvss —epss 0.13
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
- CVE-2003-0795Dec 15, 2003risk 0.04cvss —epss 0.08
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which…
- CVE-2002-0652Jul 3, 2002risk 0.04cvss —epss 0.09
xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs().
- CVE-2000-0844Nov 14, 2000risk 0.04cvss —epss 0.15
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
- CVE-2000-0733Oct 20, 2000risk 0.04cvss —epss 0.12
Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.
- CVE-2000-0704Oct 20, 2000risk 0.04cvss —epss 0.13
Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands.
- CVE-2000-0245Mar 27, 2000risk 0.04cvss —epss 0.12
Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.
- CVE-2000-0207Mar 1, 2000risk 0.04cvss —epss 0.08
SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.
- CVE-2000-1220Jan 8, 2000risk 0.04cvss —epss 0.14
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.
- CVE-2000-1221Jan 8, 2000risk 0.04cvss —epss 0.17
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended…
- CVE-1999-0009Apr 8, 1998risk 0.04cvss —epss 0.29
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
- CVE-1999-0018Dec 5, 1997risk 0.04cvss —epss 0.10
Buffer overflow in statd allows root privileges.
- CVE-1999-0148Sep 1, 1997risk 0.04cvss —epss 0.10
The handler CGI program in IRIX allows arbitrary command execution.
- CVE-1999-0025Jul 16, 1997risk 0.04cvss —epss 0.12
root privileges via buffer overflow in df command on SGI IRIX systems.
- CVE-1999-0208Dec 12, 1995risk 0.04cvss —epss 0.13
rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.
- CVE-2005-2925Oct 12, 2005risk 0.03cvss —epss 0.01
runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin.
- CVE-2005-0465May 2, 2005risk 0.03cvss —epss 0.01
gr_osview in SGI IRIX does not drop privileges before opening files, which allows local users to overwrite arbitrary files via the -s option.
- CVE-2005-0464May 2, 2005risk 0.03cvss —epss 0.01
gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does not drop privileges when opening description files while in debug mode, which allows local users to read a line from arbitrary files via the -d and -D options, which prints the line as a formatting error.
- CVE-2005-0156Feb 7, 2005risk 0.03cvss —epss 0.01
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
- CVE-2004-0233Aug 18, 2004risk 0.03cvss —epss 0.01
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
- CVE-2004-0639Aug 6, 2004risk 0.03cvss —epss 0.06
Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors…
Page 1 of 6