Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0491 1 Redhat 1 Enterprise Linux 2025-04-03 N/A
The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.
CVE-2002-0405 1 Transsoft 1 Broker Ftp Server 2025-04-03 N/A
Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large number of . (dot) characters.
CVE-2006-3831 1 Kailash Nadh 1 Boastmachine 2025-04-03 N/A
The Backup selection in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier uses predictable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file.
CVE-2004-1391 1 Qnx 2 Rtos, Rtp 2025-04-03 N/A
Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program.
CVE-2001-0458 4 Debian, Mandrakesoft, Ralf S. Engelschall and 1 more 4 Debian Linux, Mandrake Linux, Eperl and 1 more 2025-04-03 N/A
Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.
CVE-2002-1336 2 Redhat, Tightvnc 3 Enterprise Linux, Linux, Tightvnc 2025-04-03 N/A
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
CVE-2002-0409 1 Microsoft 1 .net Framework 2025-04-03 N/A
orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter.
CVE-2001-0459 2 Afterstep.org, Rob Malda 2 Afterstep, Ascdc 2025-04-03 N/A
Buffer overflows in ascdc Afterstep while running setuid allow local users to gain root privileges via a long (1) -d option, (2) -m option, or (3) -f option.
CVE-2001-0464 1 Crosswind 1 Cyberscheduler 2025-04-03 N/A
Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter.
CVE-2004-2549 1 Nortel 3 Wlan Access Point 2220, Wlan Access Point 2221, Wlan Access Point 2225 2025-04-03 N/A
Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow.
CVE-2002-0413 1 Rebb 1 Rebb 2025-04-03 N/A
Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script.
CVE-2001-0470 1 Sun 1 Sunos 2025-04-03 N/A
Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name.
CVE-2001-0471 1 Ssh 1 Ssh 2025-04-03 N/A
SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack.
CVE-2002-1341 2 Redhat, Squirrelmail 2 Linux, Squirrelmail 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.
CVE-2005-0017 1 F2c Open Source Project 1 F2c Translator 2025-04-03 N/A
The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.
CVE-2001-0472 1 Ibm 1 High Availability Cluster Multiprocessing 2025-04-03 N/A
Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request.
CVE-2005-0183 1 Squirrelmail 1 Vacation Plugin 2025-04-03 N/A
ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument.
CVE-2005-0198 2 Redhat, University Of Washington 2 Enterprise Linux, Uw-imap 2025-04-03 N/A
A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.
CVE-2001-0475 1 Jelsoft 1 Vbulletin 2025-04-03 N/A
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.
CVE-2005-0225 1 Firehol 1 Firehol 2025-04-03 N/A
firehol.sh in FireHOL before 1.224 creates temporary files with predictable file names, which could allow local users to overwrite arbitrary files via a symlink attack.