Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-1481 1 National Science Foundation 1 Squid Web Proxy 2025-04-03 N/A
Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.
CVE-1999-1501 1 Sgi 1 Irix 2025-04-03 N/A
(1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands.
CVE-1999-1514 1 Celtech Software 1 Expressfs 2025-04-03 N/A
Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long USER command.
CVE-2001-0751 1 Cisco 1 Cbos 2025-04-03 N/A
Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.
CVE-2001-1104 1 Sonicwall 2 Soho, Soho Firmware 2025-04-03 N/A
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.
CVE-2003-0816 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 N/A
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
CVE-2003-0817 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 N/A
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
CVE-2003-0823 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 N/A
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
CVE-2004-0501 1 Microsoft 1 Outlook 2025-04-03 N/A
Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know when a message has been read, verify valid e-mail addresses, and possibly leak other information.
CVE-2004-0502 1 Microsoft 1 Outlook 2025-04-03 N/A
Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI.
CVE-2005-2639 1 Valusoft 1 Chris Moneymakers World Poker Championship 2025-04-03 N/A
Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname.
CVE-2005-4451 1 Hp 1 Hp-ux 2025-04-03 N/A
Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors.
CVE-1999-0023 6 Bsdi, Freebsd, Ibm and 3 more 10 Bsd Os, Freebsd, Aix and 7 more 2025-04-03 N/A
Local user gains root privileges via buffer overflow in rdist, via lookup() function.
CVE-2002-1976 1 Linux 1 Linux Kernel 2025-04-03 N/A
ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demonstrated using libpcap.
CVE-2002-1994 1 Gamecheats 1 Advanced Web Server Professional 2025-04-03 N/A
advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 allows remote attackers to cause a denial of service via multiple HTTP requests containing a single carriage return/line feed (CRLF) sequence.
CVE-2002-2000 1 Compaq 1 Acms 2025-04-03 N/A
ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data.
CVE-2001-0759 1 Jetico 1 Bestcrypt 2025-04-03 N/A
Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount.
CVE-2002-2022 1 Kaffe 1 Kaffe Openvm 2025-04-03 N/A
Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows local users to execute arbitrary code, when a java.lang.NoClassDefFoundError is thrown, via format specifiers in the forName attribute.
CVE-2002-2031 1 Microsoft 1 Internet Explorer 2025-04-03 N/A
Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results.
CVE-2003-0980 1 Freescripts 1 Visitorbook 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) via the "user" parameter from a host with a malicious reverse DNS name, (3) via quote marks or ampersands in other parameters.