Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0703 1 Larry Wall 1 Perl 2025-04-03 N/A
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.
CVE-2000-0789 1 Bardon Data Systems 1 Winu 2025-04-03 N/A
WinU 5.x and earlier uses weak encryption to store its configuration password, which allows local users to decrypt the password and gain privileges.
CVE-2005-0340 1 Apple 1 Afp Server 2025-04-03 N/A
Integer signedness error in Apple File Service (AFP Server) allows remote attackers to cause a denial of service (application crash) via a negative UAM string length in a FPLoginExt packet.
CVE-2006-0302 1 Zyxel 1 P2000w Version 2 Voip Wifi Phone 2025-04-03 N/A
ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 allows remote attackers to obtain sensitive information, such as MAC address and software version, by directly accessing UDP port 9090.
CVE-1999-0183 2 Linux, Tftp 2 Linux Kernel, Tftp 2025-04-03 N/A
Linux implementations of TFTP would allow access to files outside the restricted directory.
CVE-2000-0792 1 Alan Cox 1 Gnome-lokkit 2025-04-03 N/A
Gnome Lokkit firewall package before 0.41 does not properly restrict access to some ports, even if a user does not make any services available.
CVE-1999-0184 1 Isc 1 Bind 2025-04-03 N/A
When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records.
CVE-1999-0185 1 Sun 2 Solaris, Sunos 2025-04-03 N/A
In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.
CVE-1999-0194 2025-04-03 N/A
Denial of service in in.comsat allows attackers to generate messages.
CVE-2002-0284 1 Nullsoft 1 Winamp 2025-04-03 N/A
Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.
CVE-2000-0793 2 Novell, Symantec 2 Client, Norton Antivirus 2025-04-03 N/A
Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system.
CVE-1999-0200 2025-04-03 N/A
Windows NT FTP server (WFTP) with the guest account enabled without a password allows an attacker to log into the FTP server using any username and password.
CVE-2002-0287 1 Powie 1 Pforum 2025-04-03 N/A
pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.
CVE-2002-1785 1 Zeus Technologies 1 Zeus Web Server 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi.
CVE-2000-0803 1 Gnu 1 Groff 2025-04-03 N/A
GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
CVE-2003-1061 1 Sun 2 Solaris, Sunos 2025-04-03 N/A
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.
CVE-2005-0404 2 Kde, Kmail 2 Kde, Kmail 2025-04-03 N/A
KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.
CVE-2000-0806 1 Checkpoint 1 Firewall-1 2025-04-03 N/A
The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass."
CVE-1999-0203 1 Eric Allman 1 Sendmail 2025-04-03 N/A
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.
CVE-2000-0810 1 Cgi Script Center 1 Auction Weaver 2025-04-03 N/A
Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.