Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4189 1 Horde 1 Kronolith H3 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.
CVE-1999-0742 1 Debian 1 Debian Linux 2025-04-03 N/A
The Debian mailman package uses weak authentication, which allows attackers to gain privileges.
CVE-2002-0458 1 Linux-sottises 1 News-tnk 2025-04-03 N/A
Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
CVE-2002-1839 1 Trend Micro 1 Interscan Viruswall For Windows Nt 2025-04-03 N/A
Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message.
CVE-1999-0754 1 Isc 1 Inn 2025-04-03 N/A
The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.
CVE-2002-0460 1 Bitvise 1 Winsshd 2025-04-03 N/A
Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not properly freed by SSHd.
CVE-2002-1846 1 Yabb 1 Yabb 2025-04-03 N/A
Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php.
CVE-1999-0756 1 Allaire 1 Coldfusion Server 2025-04-03 N/A
ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.
CVE-2002-0464 1 Hosting Controller 1 Hosting Controller 2025-04-03 N/A
Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp.
CVE-2006-0395 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
CVE-1999-0757 1 Allaire 1 Coldfusion Server 2025-04-03 N/A
The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates.
CVE-1999-0765 1 Sgi 1 Irix 2025-04-03 N/A
SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor.
CVE-2002-1854 1 Rlaj 1 Rlaj Whois 2025-04-03 N/A
Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain name field.
CVE-1999-0769 4 Caldera, Debian, Paul Vixie and 1 more 4 Openlinux, Debian Linux, Vixie Cron and 1 more 2025-04-03 N/A
Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.
CVE-2002-0466 1 Hosting Controller 1 Hosting Controller 2025-04-03 N/A
Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp.
CVE-2003-0238 1 Mirabilis 1 Icq 2025-04-03 N/A
The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag.
CVE-2000-1087 1 Microsoft 2 Data Engine, Sql Server 2025-04-03 N/A
The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-2005-1890 1 Mortiforo 1 Mortiforo 2025-04-03 N/A
Unknown vulnerability in Mortiforo before 0.9.1 allows users to access private forums via unknown attack vectors.
CVE-2000-1090 1 Microsoft 1 Internet Information Server 2025-04-03 N/A
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.
CVE-1999-0779 1 Hp 1 Hp-ux 2025-04-03 N/A
Denial of service in HP-UX SharedX recserv program.