Export limit exceeded: 26345 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26345 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0400 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post.
CVE-2005-0797 1 Novell 1 Ichain 2026-04-16 N/A
Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
CVE-2005-0850 1 Filezilla-project 1 Filezilla Server 2026-04-16 N/A
FileZilla FTP server before 0.9.6 allows remote attackers to cause a denial of service via a request for a filename containing an MS-DOS device name such as CON, NUL, COM1, LPT1, and others.
CVE-2004-1675 1 Solarwinds 1 Serv-u File Server 2026-04-16 N/A
Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.
CVE-2005-2923 1 Ipswitch 2 Imail Server, Ipswitch Collaboration Suite 2026-04-16 N/A
The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory.
CVE-2004-2596 1 Id Software 1 Quake Ii Server 2026-04-16 N/A
Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address.
CVE-2006-4541 1 Iss 1 Blackice Pc Protection 2026-04-16 N/A
RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. NOTE: it was later reported that 3.6.cqn is also affected.
CVE-2006-4537 1 Dec 1 Dec Openvms Alpha 2026-04-16 N/A
NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file.
CVE-2002-0208 1 Network.associates 1 Pgpfire 2026-04-16 N/A
PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.
CVE-2006-3014 1 Microsoft 1 Excel 2026-04-16 N/A
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.
CVE-2005-3183 2 Redhat, W3c 2 Enterprise Linux, Libwww 2026-04-16 N/A
The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read.
CVE-2006-4595 1 Muforum 1 Muforum 2026-04-16 N/A
muforum (µforum) 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes.
CVE-2006-0298 1 Mozilla 2 Firefox, Seamonkey 2026-04-16 N/A
The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read.
CVE-2004-1602 1 Proftpd 1 Proftpd 2026-04-16 N/A
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
CVE-2003-1350 1 List Site Pro 1 List Site Pro 2026-04-16 N/A
List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field.
CVE-2005-3398 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
CVE-2004-1428 1 Argosoft 1 Ftp Server 2026-04-16 N/A
ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.
CVE-2004-2252 1 Sophos 1 Astaro Security Linux 2026-04-16 N/A
The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.
CVE-2005-3529 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability.
CVE-2004-1617 1 University Of Kansas 1 Lynx 2026-04-16 N/A
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.