Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1837 1 Ids 1 Ids 2025-04-03 N/A
The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not.
CVE-2005-2858 1 Rediff 1 Bol 2025-04-03 N/A
The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol 7.0 allows remote attackers to read the Windows Address Book via the FullAddressBook method.
CVE-1999-0965 1 X.org 1 X11 2025-04-03 N/A
Race condition in xterm allows local users to modify arbitrary files via the logging option.
CVE-2005-0927 1 Web-app.org 1 Webapp 2025-04-03 N/A
Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences.
CVE-2006-0451 1 Redhat 2 Directory Server, Fedora Core 2025-04-03 N/A
Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (memory consumption) via invalid BER packets that trigger an error, which might prevent memory from being freed if it was allocated during the ber_scanf call, as demonstrated using the ProtoVer LDAP test suite.
CVE-2006-0539 1 Thibault Godouet 1 Fcron 2025-04-03 N/A
The convert-fcrontab program in fcron 3.0.0 might allow local users to gain privileges via a long command-line argument, which causes Linux glibc to report heap memory corruption, possibly because a strcpy in the strdup2 function can "overwrite some data."
CVE-2005-0947 1 Coinsoft Technologies 1 Phpcoin 2025-04-03 N/A
Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the page parameter.
CVE-2001-0275 1 Moby 1 Netsuite Web Server 2025-04-03 N/A
Moby Netsuite Web Server 1.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request.
CVE-2002-1843 1 Perlbot 1 Perlbot 2025-04-03 N/A
Perlbot 1.9.2 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $text variable in SpelCheck.pm or (2) the $filename variable in HTMLPlog.pm.
CVE-1999-0979 1 Sco 1 Unixware 2025-04-03 N/A
The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.
CVE-1999-0982 1 Sun 2 Solaris, Web-based Enterprise Management 2025-04-03 N/A
The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.
CVE-2006-0558 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-03 N/A
perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local users to cause a denial of service (crash) by interrupting a task while another process is accessing the mm_struct, which triggers a BUG_ON action in the put_page_testzero function.
CVE-2002-0534 1 Postboard 1 Postboard 2025-04-03 N/A
PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.
CVE-2002-0736 1 Microsoft 1 Backoffice 2025-04-03 N/A
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.
CVE-2006-0476 1 Nullsoft 1 Winamp 2025-04-03 N/A
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
CVE-1999-1016 2 Microsoft, Qualcomm 4 Frontpage, Internet Explorer, Outlook Express and 1 more 2025-04-03 N/A
Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.
CVE-2000-1148 1 Volano Llc 1 Volanochatpro 2025-04-03 N/A
The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server.
CVE-2001-0284 1 Openbsd 1 Openbsd 2025-04-03 N/A
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.
CVE-1999-1023 1 Sun 1 Sunos 2025-04-03 N/A
useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have expired.
CVE-1999-1029 1 Ssh 1 Ssh2 2025-04-03 N/A
SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs.