Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0487 1 Workforceroi 1 Xpede 2025-04-03 N/A
Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
CVE-1999-0896 1 Realnetworks 1 Realserver G2 2025-04-03 N/A
Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password.
CVE-2002-0488 1 Linux Directory Penguin 1 Linux Directory Penguin Traceroute 2025-04-03 N/A
Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter.
CVE-2002-0492 1 Dcscripts 1 Dcshop 2025-04-03 N/A
dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter.
CVE-2005-0700 1 Aztek Forum 1 Aztek Forum 2025-04-03 N/A
The export_index action in myadmin.php for Aztek Forum 4.0 allows remote attackers to obtain database files, possibly by setting the ATK_ADMIN cookie.
CVE-1999-0902 1 Linux-nis 1 Ypserv 2025-04-03 N/A
ypserv allows local administrators to modify password tables.
CVE-1999-0932 1 Mediahouse Software 1 Statistics Server 2025-04-03 N/A
Mediahouse Statistics Server allows remote attackers to read the administrator password, which is stored in cleartext in the ss.cfg file.
CVE-1999-0940 1 Mutt 1 Mutt Mail Client 2025-04-03 N/A
Buffer overflow in mutt mail client allows remote attackers to execute commands via malformed MIME messages.
CVE-1999-0942 1 Sco 1 Unixware 2025-04-03 N/A
UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes.
CVE-2001-0272 1 W3.org 1 Sendtemp.pl 2025-04-03 N/A
Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web development server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the templ parameter.
CVE-2002-0499 1 Linux 1 Linux Kernel 2025-04-03 N/A
The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.
CVE-2002-1881 1 Macromedia 1 Flash Player 2025-04-03 N/A
Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers.
CVE-1999-0943 1 Openlink 1 Openlink 2025-04-03 N/A
Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator.
CVE-2002-0501 1 Posadis 1 Posadis 2025-04-03 N/A
Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages.
CVE-1999-0949 3 Sgi, Sun, Turbolinux 4 Irix, Solaris, Sunos and 1 more 2025-04-03 N/A
Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.
CVE-2003-1235 1 Brs 1 Webweaver 2025-04-03 N/A
BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory.
CVE-2005-0969 1 Apple 1 Mac Os X 2025-04-03 N/A
Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters.
CVE-2005-1008 1 Asp-dev 1 Xm Forum 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via a "javascript:" URL in an IMG tag.
CVE-2006-0445 1 Phpclanwebsite 1 Phpclanwebsite 2025-04-03 N/A
index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability.
CVE-2001-0274 1 Kicq 1 Kicq 2025-04-03 N/A
kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.