Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0816 1 Orionserver 1 Orion Application Server 2025-04-03 N/A
Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL.
CVE-1999-0914 1 Debian 1 Debian Linux 2025-04-03 N/A
Buffer overflow in the FTP client in the Debian GNU/Linux netstd package.
CVE-2001-0889 2 Redhat, University Of Cambridge 3 Linux, Powertools, Exim 2025-04-03 N/A
Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2002-1155 1 Redhat 2 Enterprise Linux, Linux 2025-04-03 N/A
Buffer overflow in KON kon2 0.3.9b and earlier allows local users to execute arbitrary code via a long -Coding command line argument.
CVE-2003-1308 1 Fvwm 1 Fvwm 2025-04-03 N/A
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
CVE-2004-0379 1 Microsoft 1 Sharepoint Portal Server 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
CVE-2004-0386 3 Gentoo, Mandrakesoft, Mplayer 3 Linux, Mandrake Linux, Mplayer 2025-04-03 N/A
Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
CVE-2004-1334 2 Linux, Redhat 3 Linux Kernel, Fedora Core, Linux 2025-04-03 N/A
Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow.
CVE-2005-1550 1 Colored Scripts 1 Easy Message Board 2025-04-03 N/A
easymsgb.pl in Easy Message Board allows remote attackers to execute arbitrary commands via shell metacharacters in the print parameter.
CVE-2006-3929 1 Zyxel 1 Prestige 660h-61 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter.
CVE-2006-3943 1 Microsoft 1 Ie 2025-04-03 N/A
Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.
CVE-2006-0789 1 Kyocera 1 Fs-3830n 2025-04-03 N/A
Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session.
CVE-2006-0773 1 Hitachi 1 Business Logic 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the extended receiving box function.
CVE-1999-0267 1 Ncsa 1 Ncsa Httpd 2025-04-03 N/A
Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.
CVE-1999-0510 2025-04-03 N/A
A router or firewall allows source routed packets from arbitrary hosts.
CVE-2006-4780 1 Phpbbxs 1 Phpbb Xs 2025-04-03 N/A
PHP remote file inclusion vulnerability in includes/functions.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2000-0710 1 Microsoft 1 Frontpage 2025-04-03 N/A
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
CVE-2001-1139 1 Ascii Nt 1 Winwrapper Professional 2025-04-03 N/A
Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. (dot dot) in the server request.
CVE-2001-1187 1 Mutasem Abudahab 2 Csvform, Csvform Plus 2025-04-03 N/A
csvform.pl 0.1 allows remote attackers to execute arbitrary commands via metacharacters in the file parameter.
CVE-2006-4783 1 Webspell 1 Webspell 2025-04-03 N/A
SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter.