Search Results (26336 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2649 1 Eudora 1 Eudora 2026-04-16 N/A
Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in the status bar by inserting a large number of characters (e.g. spaces coded as "&#32") in the middle of the URL.
CVE-2002-2406 1 Perception 1 Liteserve 2026-04-16 N/A
Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request.
CVE-2004-2706 1 Phrozensmoke 1 Gyach Enhanced 2026-04-16 N/A
Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service (crash) via conference packets with error messages.
CVE-2002-2393 1 Solarwinds 1 Serv-u File Server 2026-04-16 N/A
Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands.
CVE-2002-2369 1 Perception 1 Liteserve 2026-04-16 N/A
Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL.
CVE-2003-1441 1 Posadis 1 Posadis 2026-04-16 N/A
Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a denial of service (crash) via a DNS message without a question section, which triggers null dereference.
CVE-2005-0449 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function.
CVE-2005-0492 1 Adobe 1 Acrobat Reader 2026-04-16 N/A
Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node.
CVE-2002-2328 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request.
CVE-2002-2365 1 Springer Verlag Berlin Heidelberg 1 Simple Wais 2026-04-16 N/A
Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character.
CVE-2005-0797 1 Novell 1 Ichain 2026-04-16 N/A
Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
CVE-2003-1003 1 Cisco 2 Pix Firewall, Pix Firewall Software 2026-04-16 N/A
Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
CVE-2002-2349 1 Phpbb 1 Phpbbmod 2026-04-16 N/A
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information.
CVE-2002-2342 1 Joe Depasquale 1 Bannermatic 2026-04-16 N/A
Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files.
CVE-2002-2314 1 Mozilla 1 Mozilla 2026-04-16 N/A
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.
CVE-2005-0850 1 Filezilla-project 1 Filezilla Server 2026-04-16 N/A
FileZilla FTP server before 0.9.6 allows remote attackers to cause a denial of service via a request for a filename containing an MS-DOS device name such as CON, NUL, COM1, LPT1, and others.
CVE-2002-1874 1 Astrocam 1 Astrocam 2026-04-16 N/A
astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect.
CVE-2005-0904 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe.
CVE-2005-1028 1 Phpnuke 1 Php-nuke 2026-04-16 N/A
PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message.
CVE-2002-0419 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server.