Export limit exceeded: 363617 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363617 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0575 1 Microsoft 1 Windows Nt 2026-04-16 N/A
A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking.
CVE-2006-1888 1 Phpgraphy 1 Phpgraphy 2026-04-16 N/A
phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages.
CVE-2006-1889 1 Script-solution.de 1 Boardsolution 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Search for" item (keyword parameter).
CVE-1999-0582 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc.
CVE-1999-0584 2026-04-16 N/A
A Windows NT file system is not NTFS.
CVE-1999-0612 2 Gnu, Microsoft 4 Finger Service, Fingerd, Windows 2000 and 1 more 2026-04-16 N/A
A version of finger is running that exposes valid user information to any entity on the network.
CVE-1999-0669 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
CVE-1999-0689 2 Cde, Sun 3 Cde, Solaris, Sunos 2026-04-16 N/A
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
CVE-1999-0762 1 Netscape 2 Communicator, Navigator 2026-04-16 N/A
When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.
CVE-2002-0770 1 Id Software 1 Quake 2i Server 2026-04-16 N/A
Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password."
CVE-2002-1796 1 Hp 5 Chaivm Ezloader, Laserjet 4100, Laserjet 4500 and 2 more 2026-04-16 7.8 High
ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.
CVE-2002-1823 1 Lonerunner 1 Zeroo Http Server 2026-04-16 N/A
Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1.5 allows remote attackers to execute arbitrary code via a long HTTP request.
CVE-2002-0776 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.
CVE-2002-1831 1 Microsoft 1 Msn Messenger 2026-04-16 N/A
Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field.
CVE-2001-1533 1 Microsoft 1 Isa Server 2026-04-16 5.3 Medium
Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE
CVE-2002-1851 1 Ipswitch 1 Ws Ftp Pro 2026-04-16 N/A
Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors.
CVE-2001-1534 1 Apache 1 Http Server 2026-04-16 N/A
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
CVE-2004-2047 1 Easyweb 1 Easyweb Filemanager 2026-04-16 N/A
Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the pathext parameter.
CVE-2006-0528 1 Gnome 1 Evolution 2026-04-16 N/A
The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.
CVE-2001-1535 1 Open Source Development Network 1 Slashcode 2026-04-16 N/A
Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack.