Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2393 1 Empire Server 1 Empire Server 2025-04-03 N/A
The client_cmd function in Empire 4.3.2 and earlier allows remote attackers to cause a denial of service (application crash) by causing long text strings to be appended to the player->client buffer, which causes an invalid memory access.
CVE-1999-1294 1 Microsoft 1 Windows Nt 2025-04-03 N/A
Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.
CVE-2000-0627 1 Blackboard 1 Courseinfo 2025-04-03 N/A
BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl.
CVE-1999-1299 2 Redhat, Slackware 2 Linux, Slackware Linux 2025-04-03 N/A
rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1 by chown and other system calls, which causes the calls to fail to modify the ownership of the file.
CVE-2000-0628 1 Joshua Chamas 1 Apache Asp 2025-04-03 N/A
The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
CVE-2005-0996 1 Francisco Burzi 1 Php-nuke 2025-04-03 N/A
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function.
CVE-2006-2411 1 Raydium 1 Raydium 2025-04-03 N/A
Buffer overflow in raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to execute arbitrary code by sending packets with long global variables to the client.
CVE-2005-4869 1 Ibm 1 Db2 2025-04-03 N/A
The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference.
CVE-2000-0629 1 Sun 1 Java System Web Server 2025-04-03 N/A
The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.
CVE-2002-0218 1 Sas 2 Sas Base, Sas Integration Technologies 2025-04-03 N/A
Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.
CVE-2002-1756 1 Acd Systems 1 Acdsee 2025-04-03 N/A
ACDSee 4.0 allows remote attackers to cause a denial of service (crash) via an .ais file with a long file description field, which is not properly handled when the file properties of the file are viewed.
CVE-2005-1001 1 Francisco Burzi 1 Php-nuke 2025-04-03 N/A
PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message.
CVE-2005-1011 1 Iatek 1 Siteenable 2025-04-03 N/A
SQL injection vulnerability in content.asp in SiteEnable allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
CVE-2006-3595 1 Cisco 1 Router Web Setup 2025-04-03 N/A
The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.
CVE-2000-0643 1 Itafrica 1 Webactive 2025-04-03 N/A
Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL.
CVE-2000-0645 1 Texas Imperial Software 1 Wftpd 2025-04-03 N/A
WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE).
CVE-2005-1012 1 Iatek 1 Siteenable 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows remote attackers to inject arbitrary web script or HTML via (1) the contenttype parameter to content.asp, (2) the title, or (3) the description.
CVE-2006-0741 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-03 N/A
Linux kernel before 2.6.15.5, when running on Intel processors, allows local users to cause a denial of service ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address."
CVE-2004-2577 1 Phpgroupware 1 Phpgroupware 2025-04-03 N/A
The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts.
CVE-2006-2463 1 Out Of The Trees Web Design 1 Selectapix 2025-04-03 N/A
view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter.