Export limit exceeded: 365170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365170 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4664 1 Ocomon 1 Ocomon 2026-04-16 N/A
SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662.
CVE-2005-3477 1 Invision Power Services 1 Invision Gallery 2026-04-16 N/A
Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invision Gallery.
CVE-2005-0112 1 3com 1 3crwe454g72 2026-04-16 N/A
The web-based administrative interface for 3Com OfficeConnect Wireless 11g Access Point (AP) 1.00.08, and possibly earlier versions before 1.03.07A, allows remote attackers to bypass authentication and obtain sensitive information by directly accessing the (1) config.bin (2) profile.wlp?PN=ggg or (3) event.logs URLs.
CVE-1999-0099 5 Bsdi, Convex, Cray and 2 more 7 Bsd Os, Convexos, Spp-ux and 4 more 2026-04-16 N/A
Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.
CVE-2005-0109 5 Freebsd, Redhat, Sco and 2 more 9 Freebsd, Enterprise Linux, Enterprise Linux Desktop and 6 more 2026-04-16 N/A
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.
CVE-2005-0104 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.
CVE-1999-0097 3 Hp, Ibm, Sun 4 Hp-ux, Aix, Solaris and 1 more 2026-04-16 N/A
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
CVE-2005-0099 1 Abuse 1 Abuse-sdl 2026-04-16 N/A
The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop privileges before creating certain files, which allows local users to create or overwrite arbitrary files.
CVE-2005-0097 2 Redhat, Squid 2 Enterprise Linux, Squid 2026-04-16 N/A
The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.
CVE-2005-0089 2 Python, Redhat 2 Python, Enterprise Linux 2026-04-16 N/A
The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.
CVE-2005-3475 1 Hasbani Web Server 1 Hasbani Web Server 2026-04-16 N/A
Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a denial of service (infinite loop) via HTTP crafted GET requests.
CVE-2005-3474 1 Sony 1 First4internet Xcp Content Management 2026-04-16 N/A
The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with "$sys$", which allows attackers to hide activities on a system that uses XCP.
CVE-2000-0256 1 Microsoft 3 Frontpage, Personal Web Server, Windows Nt 2026-04-16 N/A
Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability.
CVE-2000-0377 1 Microsoft 1 Windows Nt 2026-04-16 N/A
The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.
CVE-1999-1366 1 David Harris 1 Pegasus Mail 2026-04-16 N/A
Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.
CVE-2000-0266 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.
CVE-2000-0311 1 Microsoft 1 Windows 2000 2026-04-16 N/A
The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.
CVE-2000-0378 1 Redhat 1 Linux 2026-04-16 N/A
The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in.
CVE-2000-0269 1 Gnu 1 Emacs 2026-04-16 N/A
Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.
CVE-1999-1375 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter.