Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1056 1 Linux 1 Linux Kernel 2025-04-03 N/A
IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request.
CVE-2002-0905 1 Ibm 1 Informix 2025-04-03 N/A
Buffer overflow in sqlexec for Informix SE-7.25 allows local users to gain root privileges via a long INFORMIXDIR environment variable.
CVE-2002-1595 1 Cisco 1 Sn 5420 Storage Router Firmware 2025-04-03 N/A
Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization.
CVE-2003-0843 1 Dag Apt Repository 1 Mod Gzip 2025-04-03 N/A
Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
CVE-2006-3948 1 Php-nuke 1 Inp 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2002-0906 1 Sendmail 1 Sendmail 2025-04-03 N/A
Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.
CVE-2002-1596 1 Cisco 1 Sn 5420 Storage Router Firmware 2025-04-03 N/A
Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (router crash) via an HTTP request with large headers.
CVE-2006-3959 1 X-scripts 1 X-statistics 2025-04-03 N/A
SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter.
CVE-2001-1065 1 Cisco 1 Cbos 2025-04-03 N/A
Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack.
CVE-2004-1452 1 Gentoo 1 Linux 2025-04-03 N/A
Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.
CVE-2004-1453 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2025-04-03 N/A
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
CVE-2004-1455 1 Xine 1 Xine-lib 2025-04-03 N/A
Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL.
CVE-2005-4050 1 Multi-tech Systems 1 Multivoip 2025-04-03 N/A
Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with firmware before x.08 allows remote attackers to execute arbitrary code via a long INVITE field in a Session Initiation Protocol (SIP) packet.
CVE-2006-1537 1 Webcalendar 1 Webcalendar 2025-04-03 N/A
Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/init.php, (8) includes/settings.php.orig, (9) includes/js/admin.php, (10) includes/js/edit_entry.php, (11) includes/js/edit_layer.php, (12) includes/js/export_import.php, (13) includes/js/popups.php, (14) includes/js/pref.php, or (15) includes/menu/index.php, which reveal the path in various error messages.
CVE-2004-1463 1 Moinmoin 1 Moinmoin 2025-04-03 N/A
Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact.
CVE-2005-4053 1 Cowiki 1 Cowiki 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter, as demonstrated using 26.html.
CVE-2005-0510 1 Fallback-reboot 1 Fallback-reboot 2025-04-03 N/A
The daemon for fallback-reboot before 0.995 allows attackers to cause a denial of service (daemon exit), possibly related to verbose debug messages when the daemon is not on a tty.
CVE-2005-0494 1 Thomson 1 Thomson Cable Modem 2025-04-03 N/A
The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request.
CVE-2003-0009 1 Microsoft 2 Windows Me, Windows Xp 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter.
CVE-2002-0909 1 Matsushita Research 1 Mnews 2025-04-03 N/A
Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote NNTP server to execute arbitrary code via long responses, or local users can gain privileges via long command line arguments (2) -f, (3) -n, (4) -D, (5) -M, or (6) -P, or via long environment variables (7) JNAMES or (8) MAILSERVER.