Export limit exceeded: 366762 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366762 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-1152 | 1 Baltimore Technologies | 1 Websweeper | 2026-04-16 | N/A |
| Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters. | ||||
| CVE-2001-1146 | 1 Lee Herron | 1 Allcommerce | 2026-04-16 | N/A |
| AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack. | ||||
| CVE-2001-1444 | 1 Kth | 1 Kth Kerberos | 2026-04-16 | N/A |
| The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack. | ||||
| CVE-2001-1427 | 1 Macromedia | 1 Coldfusion | 2026-04-16 | N/A |
| Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors. | ||||
| CVE-2001-1417 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application hang or crash) via a buddy icon GIF file whose length and width values are larger than the actual image data. | ||||
| CVE-2001-1142 | 1 Argosoft | 1 Ftp Server | 2026-04-16 | N/A |
| ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges. | ||||
| CVE-2001-1129 | 1 Progress | 1 Progress | 2026-04-16 | N/A |
| Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable. | ||||
| CVE-2001-1127 | 1 Progress | 1 Progress | 2026-04-16 | N/A |
| Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump. | ||||
| CVE-2001-1091 | 1 Netbsd | 1 Netbsd | 2026-04-16 | N/A |
| The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable. | ||||
| CVE-2005-0308 | 1 Ursoftware | 1 W32dasm | 2026-04-16 | N/A |
| Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name. | ||||
| CVE-2000-0132 | 1 Microsoft | 1 Virtual Machine | 2026-04-16 | N/A |
| Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function. | ||||
| CVE-2001-1246 | 2 Php, Redhat | 3 Php, Enterprise Linux, Linux | 2026-04-16 | N/A |
| PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. | ||||
| CVE-2003-0025 | 1 Horde | 1 Imp | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3. | ||||
| CVE-2004-0883 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2026-04-16 | N/A |
| Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function. | ||||
| CVE-2006-0328 | 1 Philippe Jounin | 1 Tftpd32 | 2026-04-16 | N/A |
| Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request. | ||||
| CVE-2006-0329 | 1 Hitachi | 1 Hitsenser Data Mart Server | 2026-04-16 | N/A |
| SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, BS-M, BS-L, and EX allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2006-0330 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). | ||||
| CVE-2006-0331 | 1 Thiago Melo De Paula | 1 Change Passwd | 2026-04-16 | N/A |
| Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments. | ||||
| CVE-2006-0334 | 1 Freekrai.net | 1 My Amazon Store Manager | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some sources claim that the affected parameter is "q", but the only public archive of the original researcher notification shows an XSS manipulation in "Keywords". | ||||
| CVE-2006-0335 | 1 Kerio | 1 Winroute Firewall | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from Active Directory and (2) the filtering of HTML. | ||||