Export limit exceeded: 363617 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363617 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-0575 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking. | ||||
| CVE-2006-1888 | 1 Phpgraphy | 1 Phpgraphy | 2026-04-16 | N/A |
| phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages. | ||||
| CVE-2006-1889 | 1 Script-solution.de | 1 Boardsolution | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Search for" item (keyword parameter). | ||||
| CVE-1999-0582 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | N/A |
| A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. | ||||
| CVE-1999-0584 | 2026-04-16 | N/A | ||
| A Windows NT file system is not NTFS. | ||||
| CVE-1999-0612 | 2 Gnu, Microsoft | 4 Finger Service, Fingerd, Windows 2000 and 1 more | 2026-04-16 | N/A |
| A version of finger is running that exposes valid user information to any entity on the network. | ||||
| CVE-1999-0669 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. | ||||
| CVE-1999-0689 | 2 Cde, Sun | 3 Cde, Solaris, Sunos | 2026-04-16 | N/A |
| The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack. | ||||
| CVE-1999-0762 | 1 Netscape | 2 Communicator, Navigator | 2026-04-16 | N/A |
| When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information. | ||||
| CVE-2002-0770 | 1 Id Software | 1 Quake 2i Server | 2026-04-16 | N/A |
| Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password." | ||||
| CVE-2002-1796 | 1 Hp | 5 Chaivm Ezloader, Laserjet 4100, Laserjet 4500 and 2 more | 2026-04-16 | 7.8 High |
| ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services. | ||||
| CVE-2002-1823 | 1 Lonerunner | 1 Zeroo Http Server | 2026-04-16 | N/A |
| Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1.5 allows remote attackers to execute arbitrary code via a long HTTP request. | ||||
| CVE-2002-0776 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-16 | N/A |
| getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix. | ||||
| CVE-2002-1831 | 1 Microsoft | 1 Msn Messenger | 2026-04-16 | N/A |
| Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field. | ||||
| CVE-2001-1533 | 1 Microsoft | 1 Isa Server | 2026-04-16 | 5.3 Medium |
| Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE | ||||
| CVE-2002-1851 | 1 Ipswitch | 1 Ws Ftp Pro | 2026-04-16 | N/A |
| Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors. | ||||
| CVE-2001-1534 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. | ||||
| CVE-2004-2047 | 1 Easyweb | 1 Easyweb Filemanager | 2026-04-16 | N/A |
| Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the pathext parameter. | ||||
| CVE-2006-0528 | 1 Gnome | 1 Evolution | 2026-04-16 | N/A |
| The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment. | ||||
| CVE-2001-1535 | 1 Open Source Development Network | 1 Slashcode | 2026-04-16 | N/A |
| Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack. | ||||