Search Results (365264 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3549 1 Invision Power Services 1 Invision Board 2026-04-16 N/A
Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now".
CVE-2005-3550 1 Toenda Software Development 1 Toendacms 2026-04-16 N/A
Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter.
CVE-2005-3552 1 Phpkit 1 Phpkit 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title element and (7) logo alt attributes in forum postings, and the (8) Homepage field in the Guestbook.
CVE-1999-0156 1 Washington University 1 Wu-ftpd 2026-04-16 N/A
wu-ftpd FTP daemon allows any user and password combination.
CVE-1999-1420 1 N-base 5 Nh2012, Nh2012r, Nh2015 and 2 more 2026-04-16 N/A
NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door password that cannot be disabled, which allows remote attackers to modify the switch's configuration.
CVE-2000-0275 1 Cryptocard 1 Cryptoadmin 2026-04-16 N/A
CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN.
CVE-2000-0329 1 Microsoft 4 Ie, Internet Explorer, Outlook and 1 more 2026-04-16 N/A
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
CVE-1999-0159 1 Cisco 1 Ios 2026-04-16 3.5 Low
Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.
CVE-1999-0168 1 Sun 1 Sunos 2026-04-16 N/A
The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.
CVE-1999-1429 1 Dit 1 Transferpro 2026-04-16 N/A
DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver.
CVE-2005-0357 2 Emc, Sun 3 Legato Networker, Solstice Backup, Storedge Enterprise Backup Software 2026-04-16 N/A
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.
CVE-2005-3556 1 Tincan 1 Phplist 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) action parameter in (h) admin/fckphplist.php.
CVE-1999-0179 1 Microsoft 2 Windows 95, Windows Nt 2026-04-16 N/A
Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share.
CVE-2000-0276 1 Be 1 Beos 2026-04-16 N/A
BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37.
CVE-2000-0338 1 Concurrent Versions Software Project 1 Concurrent Versions Software 2026-04-16 5.5 Medium
Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.
CVE-2000-0380 1 Cisco 1 Ios 2026-04-16 N/A
The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.
CVE-2005-0359 2 Emc, Sun 3 Legato Networker, Solstice Backup, Storedge Enterprise Backup Software 2026-04-16 N/A
The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.
CVE-2005-3557 1 Tincan 1 Phplist 2026-04-16 N/A
Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request.
CVE-1999-0190 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.
CVE-2000-0347 1 Microsoft 2 Windows 95, Windows 98 2026-04-16 N/A
Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name.