Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0169 1 Redhat 3 Docbook Stylesheets, Docbook Utils, Linux 2025-04-03 N/A
The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier.
CVE-2002-0176 1 Avaya 1 Libsafe 2025-04-03 N/A
The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe.
CVE-2002-0179 1 Xpilot 1 Xpilot 2025-04-03 N/A
Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows remote attackers to execute arbitrary code.
CVE-2002-1747 1 Maxim Krasnyansky 1 Vtun 2025-04-03 N/A
Vtun 2.5b1 does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on ECB.
CVE-2003-0100 1 Cisco 1 Ios 2025-04-03 N/A
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.
CVE-2006-2347 1 Oasyssoft 1 E-business Designer 2025-04-03 N/A
E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection.
CVE-2002-0198 1 Paul L Daniels 2 Inflex, Ripmime 2025-04-03 N/A
Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment in a long filename.
CVE-2004-2398 1 Netenberg 1 Fantastico De Luxe 2025-04-03 N/A
Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
CVE-2002-0199 1 Nullsoft 1 Shoutcast Server 2025-04-03 N/A
Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes.
CVE-2002-1754 1 Novell 1 Netware Client 2025-04-03 N/A
Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname.
CVE-2001-0412 1 Cisco 3 Content Services Switch 11050, Content Services Switch 11150, Content Services Switch 11800 2025-04-03 N/A
Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode.
CVE-2006-2370 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-03 N/A
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
CVE-2000-0621 1 Microsoft 2 Outlook, Outlook Express 2025-04-03 N/A
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
CVE-2002-0209 1 Nortel 1 Alteon Acedirector 2025-04-03 N/A
Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address.
CVE-2002-0230 1 Faq-o-matic 1 Faq-o-matic 2025-04-03 N/A
Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message.
CVE-1999-0014 3 Cde, Hp, Ibm 4 Cde, Hp-ux, Vvos and 1 more 2025-04-03 N/A
Unauthorized privileged access or denial of service via dtappgather program in CDE.
CVE-2006-0073 1 Discusware 2 Discus Freeware, Discus Professional 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2505 1 Oracle 1 Database Server 2025-04-03 N/A
Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.
CVE-2000-0683 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.
CVE-2000-0684 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.