Search Results (363248 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1498 1 Markus Kliegl 1 Mod Bf 2026-04-16 N/A
Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary commands via a long script.
CVE-2001-1504 1 Ibm 1 Lotus Notes 2026-04-16 N/A
Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message.
CVE-2003-0686 2 Dave Airlie, Redhat 4 Pam Smb, Enterprise Linux, Linux and 1 more 2026-04-16 N/A
Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code.
CVE-2001-1512 1 Macromedia 1 Jrun 2026-04-16 N/A
Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050.
CVE-2001-1517 1 Microsoft 1 Windows 2000 2026-04-16 N/A
RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information
CVE-2003-0689 1 Redhat 2 Enterprise Linux, Linux 2026-04-16 N/A
The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.
CVE-2001-1522 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message.
CVE-2006-0644 1 Cpg-nuke 1 Dragonfly Cms 2026-04-16 N/A
Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php.
CVE-2001-1537 1 Symfony 1 Twig 2026-04-16 7.5 High
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
CVE-2001-1543 1 Axis 5 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 2 more 2026-04-16 N/A
Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.
CVE-2001-1548 1 Zonelabs 1 Zonealarm 2026-04-16 N/A
ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
CVE-2001-1550 1 Centra 3 Asp, Centraone, Smart Connect 2026-04-16 N/A
CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users.
CVE-2006-0646 1 Suse 1 Suse Linux 2026-04-16 N/A
ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users via by running an ld-linked application from the current directory, which could contain an attacker-controlled library file.
CVE-2003-0697 1 Ibm 1 Aix 2026-04-16 N/A
Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges.
CVE-2001-1577 1 Caldera 2 Openunix, Unixware 2026-04-16 N/A
Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 allows an xterm session to gain privileges when the session is reused.
CVE-2001-1579 1 Sco 2 Open Unix, Unixware 2026-04-16 N/A
The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not properly terminate certain strings with a null, which allows remote attackers to cause a denial of service.
CVE-2001-1580 2 Nombas, Novell 2 Scriptease Webserver, Netware 2026-04-16 N/A
Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string.
CVE-2006-0648 1 Php Icalendar 1 Php Icalendar 2026-04-16 N/A
Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php.
CVE-2002-0004 8 Caldera, Debian, Freebsd and 5 more 9 Openlinux Server, Openlinux Workstation, Debian Linux and 6 more 2026-04-16 N/A
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
CVE-2006-0649 1 Dataparksearch 1 Dataparksearch 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.