Search Results (360766 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-0545 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length.
CVE-2006-0444 1 Phpclanwebsite 1 Phpclanwebsite 2026-04-16 N/A
SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax.
CVE-2001-0550 3 David Madore, Redhat, Washington University 3 Ftpd-bsd, Linux, Wu-ftpd 2026-04-16 N/A
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
CVE-2001-0554 10 Debian, Freebsd, Ibm and 7 more 12 Debian Linux, Freebsd, Aix and 9 more 2026-04-16 N/A
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
CVE-2001-0555 1 Screaming Media 1 Siteware 2026-04-16 N/A
ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.
CVE-2001-0557 1 T. Hauck 1 Jana Web Server 2026-04-16 N/A
T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e).
CVE-2006-1205 1 Mywebland 1 Mybloggie 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php.
CVE-2001-0558 1 T. Hauck 1 Jana Web Server 2026-04-16 N/A
T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).
CVE-2006-0456 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors.
CVE-2001-0564 1 Apc 1 Ap9606 2026-04-16 N/A
APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card.
CVE-2006-1212 1 Corenews 1 Corenews 2026-04-16 N/A
Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which does not appear to use a "page" parameter or variable.
CVE-2001-0568 2 Redhat, Zope 2 Powertools, Zope 2026-04-16 N/A
Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
CVE-2006-1213 1 Jiro 1 Banner System 2026-04-16 N/A
JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account.
CVE-2001-0570 2 Minicom, Redhat 2 Minicom, Linux 2026-04-16 N/A
minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks.
CVE-2001-0571 1 Elron 2 Im Anti Virus, Im Message Inspector 2026-04-16 N/A
Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL.
CVE-2006-1215 1 Woltlab 1 Burning Board 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a followup post, although the original disclosure might be related to reflected XSS.
CVE-2001-0576 1 Sco 1 Openserver 2026-04-16 N/A
lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter.
CVE-2006-1218 1 Novell 1 Bordermanager 2026-04-16 N/A
Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related to "media streaming over HTTP 1.1".
CVE-2001-0577 1 Sco 1 Openserver 2026-04-16 N/A
recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument.
CVE-2001-0579 1 Sco 1 Openserver 2026-04-16 N/A
lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command.