Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0785 1 Phpkit 1 Phpkit 2025-04-03 N/A
Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive letter (such as "C:"), which bypasses checks for ".." sequences and trailing ".php" extensions.
CVE-2000-0782 1 Netwin 1 Netauth 2025-04-03 N/A
netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2005-0303 1 Comersus Open Technologies 1 Comersus Backoffice Lite 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2002-0279 1 Hp 1 Hp-ux 2025-04-03 N/A
The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local attackers to cause a denial of service (kernel panic) and possibly gain privileges.
CVE-1999-0164 1 Sun 1 Sunos 2025-04-03 N/A
A race condition in the Solaris ps command allows an attacker to overwrite critical files.
CVE-2002-0281 1 Codeworx Technologies 1 Dcp-portal 2025-04-03 N/A
Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php.
CVE-2002-1780 1 Alcatech Gmbh 1 Bpm Studio Pro 2025-04-03 N/A
BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a remote attacker to cause a denial of service (crash) by sending a URL request for a MS-DOS device such as con. NOTE: it has been disputed that this and possibly other application-level DOS device issues stem from a bug in Windows, and as such, such applications should not be considered vulnerable themselves.
CVE-1999-0219 1 Cat Soft 1 Serv-u 2025-04-03 N/A
Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command.
CVE-2002-0292 1 Open Source Development Network 1 Slashcode 2025-04-03 N/A
Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field.
CVE-2006-0330 1 Gallery Project 1 Gallery 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).
CVE-2000-0817 1 Microsoft 1 Network Monitor 2025-04-03 N/A
Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability.
CVE-1999-0221 1 Lucent 1 Ascend Routers 2025-04-03 N/A
Denial of service of Ascend routers through port 150 (remote administration).
CVE-2002-1704 1 Zeroboard 1 Zeroboard 2025-04-03 N/A
Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code.
CVE-2006-2786 2 Mozilla, Redhat 3 Firefox, Thunderbird, Enterprise Linux 2025-04-03 N/A
HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.
CVE-2000-0830 1 Microsoft 1 Webtv 2025-04-03 N/A
annclist.exe in webTV for Windows allows remote attackers to cause a denial of service by via a large, malformed UDP packet to ports 22701 through 22705.
CVE-1999-0222 1 Cisco 1 Router 2025-04-03 N/A
Denial of service in Cisco IOS web server allows attackers to reboot the router using a long URL.
CVE-2002-0295 1 Alcatel-lucent 1 Omnipcx 2025-04-03 N/A
Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges.
CVE-2002-1789 1 Newsx 1 Newsx 2025-04-03 N/A
Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function.
CVE-2002-0301 1 Citrix 1 Nfuse 2025-04-03 N/A
Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters.
CVE-1999-0246 1 Hp 1 Hp-ux 2025-04-03 N/A
HP Remote Watch allows a remote user to gain root access.