Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0949 2 Lbl, Sun 2 Lbl Traceroute, Sunos 2025-04-03 N/A
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.
CVE-2006-0320 1 Bit 5 Blog 1 Bit 5 Blog 2025-04-03 N/A
SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter.
CVE-2005-1312 1 Yappa-ng 1 Yappa-ng 2025-04-03 N/A
PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allows remote attackers to execute arbitrary PHP code via unknown vectors.
CVE-1999-0498 2025-04-03 N/A
TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files.
CVE-1999-0771 1 Compaq 2 Insight Management Agent, Power Management 2025-04-03 N/A
The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack.
CVE-2002-0464 1 Hosting Controller 1 Hosting Controller 2025-04-03 N/A
Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp.
CVE-2004-1400 1 Active Server Corner 1 Asp Calendar 2025-04-03 N/A
The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp.
CVE-1999-0756 1 Allaire 1 Coldfusion Server 2025-04-03 N/A
ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.
CVE-2004-2425 1 Axis 14 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 11 more 2025-04-03 N/A
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
CVE-2002-1846 1 Yabb 1 Yabb 2025-04-03 N/A
Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php.
CVE-2000-0950 1 Tis 1 Internet Firewall Toolkit 2025-04-03 N/A
Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name.
CVE-2005-1315 1 Horde 1 Turba 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2002-0460 1 Bitvise 1 Winsshd 2025-04-03 N/A
Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not properly freed by SSHd.
CVE-2005-3771 1 Joomla 1 Joomla 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) "GET and other variables" and (2) "SEF".
CVE-1999-0754 1 Isc 1 Inn 2025-04-03 N/A
The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.
CVE-2002-1839 1 Trend Micro 1 Interscan Viruswall For Windows Nt 2025-04-03 N/A
Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message.
CVE-2005-3781 1 Sun 2 Solaris, Sunos 2025-04-03 N/A
Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries."
CVE-2001-0227 1 Biblioscape 1 Biblioweb Server 2025-04-03 N/A
Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request.
CVE-2005-1323 1 Intersoft 1 Netterm 2025-04-03 N/A
Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command.
CVE-2002-0458 1 Linux-sottises 1 News-tnk 2025-04-03 N/A
Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.