Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-1103 1 Bsdi 1 Bsd Os 2025-04-03 N/A
rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line.
CVE-1999-1257 1 Xyplex 1 Maxserver Xyplex Terminal Server 2025-04-03 N/A
Xyplex terminal server 6.0.1S1, and possibly other versions, allows remote attackers to bypass the password prompt by entering (1) a CTRL-Z character, or (2) a ? (question mark).
CVE-1999-1258 1 Sun 1 Sunos 2025-04-03 N/A
rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information.
CVE-2000-1106 1 Trend Micro 1 Interscan Viruswall 2025-04-03 N/A
Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs.
CVE-2004-1892 1 Emule 1 Emule 2025-04-03 N/A
Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string.
CVE-2000-1181 1 Realnetworks 1 Realserver 2025-04-03 N/A
Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.
CVE-2000-1186 1 Phf 1 Phf 2025-04-03 N/A
Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header.
CVE-2002-1034 1 Sun 1 I-runbook 2025-04-03 N/A
none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via an absolute pathname in the argument.
CVE-2000-1187 1 Netscape 2 Communicator, Navigator 2025-04-03 N/A
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
CVE-1999-1289 1 Mirabilis 1 Icq 2025-04-03 N/A
ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network configuration.
CVE-2005-2963 1 Mod Auth Shadow 1 Mod Auth Shadow 2025-04-03 N/A
The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
CVE-1999-1296 1 Mit 1 Kerberos 5 2025-04-03 N/A
Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRB_CONF environmental variable.
CVE-2001-0271 1 Mailnews.cgi 1 Mailnews.cgi 2025-04-03 N/A
mailnews.cgi 1.3 and earlier allows remote attackers to execute arbitrary commands via a user name that contains shell metacharacters.
CVE-2000-1188 1 I-soft 1 Quikstore 2025-04-03 N/A
Directory traversal vulnerability in Quikstore shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "page" parameter.
CVE-2002-1036 1 Zoltan Milosevic 1 Fluid Dynamics Search Engine 2025-04-03 N/A
Cross-site scripting vulnerability in search.pl for Fluid Dynamics Search Engine (FDSE) before 2.0.0.0055 allows remote attackers to execute web script via the (1) Rank or (2) Match parameters.
CVE-2003-0308 2 Debian, Sendmail 2 Debian Linux, Sendmail 2025-04-03 N/A
The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.
CVE-2003-0726 1 Realnetworks 3 Realone Desktop Manager, Realone Enterprise Desktop, Realone Player 2025-04-03 N/A
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
CVE-2006-4830 1 Blojsom 1 Blojsom 2025-04-03 N/A
Directory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of blogTemplate.
CVE-2000-1190 1 Jon Atkins 1 Imwheel 2025-04-03 N/A
imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.
CVE-2005-2968 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2025-04-03 N/A
Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.