Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0024 1 Microsoft 3 Internet Information Server, Site Server, Site Server Commerce 2025-04-03 N/A
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
CVE-1999-0006 1 Qualcomm 1 Qpopper 2025-04-03 9.8 Critical
Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.
CVE-2004-2691 1 3com 3 3c17205-us, 3c17210-us, Superstack 3 Switch 2025-04-03 N/A
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.
CVE-2002-0245 1 Lotus 1 Domino 2025-04-03 N/A
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message.
CVE-2000-0675 1 Infopulse 1 Gatekeeper 2025-04-03 N/A
Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote attackers to execute arbitrary commands via a long string.
CVE-2000-0676 1 Netscape 1 Communicator 2025-04-03 N/A
Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.
CVE-2006-0070 1 Drupal 1 Drupal 2025-04-03 N/A
Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtered HTML" is enabled, and since "Full HTML" would not filter HTML by design, perhaps this should not be included in CVE
CVE-2000-0677 1 Ibm 1 Net.data 2025-04-03 N/A
Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable.
CVE-2002-0230 1 Faq-o-matic 1 Faq-o-matic 2025-04-03 N/A
Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message.
CVE-1999-0014 3 Cde, Hp, Ibm 4 Cde, Hp-ux, Vvos and 1 more 2025-04-03 N/A
Unauthorized privileged access or denial of service via dtappgather program in CDE.
CVE-2006-0073 1 Discusware 2 Discus Freeware, Discus Professional 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2505 1 Oracle 1 Database Server 2025-04-03 N/A
Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.
CVE-2000-0683 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.
CVE-2000-0684 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.
CVE-2000-0687 1 Cgi Script Center 1 Auction Weaver 2025-04-03 N/A
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter.
CVE-2000-0091 1 Inter7 1 Vpopmail 2025-04-03 N/A
Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.
CVE-2000-0691 1 Gert Doering 1 Mgetty 2025-04-03 N/A
The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.
CVE-2005-1052 1 Microsoft 2 Outlook, Outlook Web Access 2025-04-03 N/A
Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
CVE-2000-0694 1 Tech-source 1 Raptor Gfx Pgx32 2025-04-03 N/A
pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack.
CVE-2002-1762 1 Microsoft 1 Baseline Security Analyzer 2025-04-03 N/A
Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans in a known location C:\Documents and Settings\username\SecurityScans in plaintext, which could allow remote attackers to obtain sensitive information about the system via malicious active content such as ActiveX controls or Java.