Unix: Security Vulnerabilities
IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CVSS Score
9.3
EPSS Score
0.004
Published
2007-11-20
Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.
CVSS Score
7.8
EPSS Score
0.013
Published
2007-06-06
SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.
CVSS Score
4.3
EPSS Score
0.002
Published
2007-03-20
IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.
CVSS Score
4.4
EPSS Score
0.001
Published
2007-03-02
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
CVSS Score
4.3
EPSS Score
0.003
Published
2003-12-31
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.
CVSS Score
5.0
EPSS Score
0.002
Published
2003-12-31
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access.
CVSS Score
5.0
EPSS Score
0.003
Published
2003-12-31
Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors.
CVSS Score
5.0
EPSS Score
0.043
Published
2003-12-31
Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVSS Score
4.3
EPSS Score
0.006
Published
2003-12-31
Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services.
CVSS Score
5.0
EPSS Score
0.007
Published
1999-02-22