Export limit exceeded: 363507 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363507 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-0500 | 1 Microsoft | 3 Index Server, Indexing Service, Internet Information Server | 2026-04-16 | N/A |
| Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. | ||||
| CVE-2001-0506 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. | ||||
| CVE-2001-0516 | 1 Oracle | 2 Oracle8i, Oracle9i | 2026-04-16 | N/A |
| Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data. | ||||
| CVE-2006-1800 | 1 Simplemedia | 1 Simplebbs | 2026-04-16 | N/A |
| Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 through 1.1 allows remote attackers to include and execute arbitrary files via ".." sequences in the language cookie, as demonstrated by by injecting the code into the gl_session cookie of users.php, which is stored in error.log. | ||||
| CVE-2001-0517 | 1 Oracle | 1 Oracle8i | 2026-04-16 | N/A |
| Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0. | ||||
| CVE-2001-0524 | 1 Eeye Digital Security | 1 Securells | 2026-04-16 | N/A |
| eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier. | ||||
| CVE-2001-0525 | 1 Suse | 1 Suse Linux | 2026-04-16 | N/A |
| Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and possibly other operating systems, allows local users to gain privileges via a long first command line argument. | ||||
| CVE-2001-0538 | 1 Microsoft | 1 Outlook | 2026-04-16 | N/A |
| Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page. | ||||
| CVE-2001-0555 | 1 Screaming Media | 1 Siteware | 2026-04-16 | N/A |
| ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet. | ||||
| CVE-2001-0564 | 1 Apc | 1 Ap9606 | 2026-04-16 | N/A |
| APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card. | ||||
| CVE-2001-0572 | 3 Openbsd, Redhat, Ssh | 3 Openssh, Linux, Ssh | 2026-04-16 | N/A |
| The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. | ||||
| CVE-2001-0573 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory. | ||||
| CVE-2001-0574 | 1 Jason Rahaim | 1 Mp3mystic | 2026-04-16 | N/A |
| Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows a remote attacker to download arbitrary files via a '..' (dot dot) in the URL. | ||||
| CVE-2001-0582 | 1 Ben Spink | 1 Crushftp Ftp Server | 2026-04-16 | N/A |
| Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a '..' (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR. | ||||
| CVE-2001-0592 | 1 Watchguard | 1 Firebox Ii | 2026-04-16 | N/A |
| Watchguard Firebox II prior to 4.6 allows a remote attacker to create a denial of service in the kernel via a large stream (>10,000) of malformed ICMP or TCP packets. | ||||
| CVE-2001-0600 | 1 Lotus | 1 Domino R5 Server | 2026-04-16 | N/A |
| Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type. | ||||
| CVE-2001-0609 | 1 Infodrom | 1 Cfingerd | 2026-04-16 | 9.8 Critical |
| Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function. | ||||
| CVE-2001-0614 | 1 Carello | 1 E-commerce | 2026-04-16 | N/A |
| Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL. | ||||
| CVE-2001-0618 | 1 Lucent | 1 Orinoco Rg-1000 | 2026-04-16 | N/A |
| Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of the 'Network Name' or SSID as the default Wired Equivalent Privacy (WEP) encryption key. Since the SSID occurs in the clear during communications, a remote attacker could determine the WEP key and decrypt RG-1000 traffic. | ||||
| CVE-2001-0627 | 1 Sco | 1 Openserver | 2026-04-16 | N/A |
| vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack. | ||||