Search Results (362703 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1447 1 Apple 1 Mac Os X 2026-04-16 N/A
NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges.
CVE-2006-2470 1 Bea 1 Weblogic Server 2026-04-16 N/A
Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting custom JDBC security policies correctly, which could allow attackers to bypass intended policies.
CVE-2001-1509 1 Hp 1 Hp-ux 2026-04-16 N/A
geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges.
CVE-2001-1527 1 Easyscripts 1 Easynews 2026-04-16 N/A
easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access.
CVE-2006-2474 1 Cosmoshop 1 Cosmoshop 2026-04-16 N/A
SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and earlier allows remote attackers to execute arbitrary SQL commands via the artnum parameter.
CVE-2001-1555 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY.
CVE-2001-1559 1 Openbsd 1 Openbsd 2026-04-16 5.5 Medium
The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.
CVE-2001-1573 1 Trend Micro 1 Interscan Viruswall 2026-04-16 N/A
Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3.51 for Windows NT has allows remote attackers to execute arbitrary code via a certain configuration parameter.
CVE-2002-0038 1 Sgi 1 Irix 2026-04-16 N/A
Vulnerability in the cache-limiting function of the unified name service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote attackers to cause a denial of service by forcing the cache to fill the disk.
CVE-2006-2478 1 Bitrix 1 Bitrix Site Manager 2026-04-16 N/A
Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term.
CVE-2006-2479 1 Bitrix 1 Bitrix Site Manager 2026-04-16 N/A
The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.
CVE-2002-0123 1 Mdg Computer Services 1 Web Server 4d Ecommerce 2026-04-16 N/A
MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.
CVE-2006-2480 2 Dia, Redhat 2 Dia, Enterprise Linux 2026-04-16 N/A
Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms for input that are automatically processed by Dia, such as a crafted .dia file.
CVE-2002-0287 1 Powie 1 Pforum 2026-04-16 N/A
pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.
CVE-2002-0299 1 Cnet 1 Catchup 2026-04-16 N/A
CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan.
CVE-2001-0535 1 Macromedia 1 Coldfusion Server 2026-04-16 N/A
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.
CVE-2002-0318 1 Freeradius 1 Freeradius 2026-04-16 N/A
FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.
CVE-2002-0328 1 Ikonboard.com 1 Ikonboard 2026-04-16 N/A
Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote attackers to execute arbitrary script as other Ikonboard users and steal cookies via Javascript in an IMG tag.
CVE-2002-0332 1 Xtell 1 Xtell 2026-04-16 N/A
Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to execute arbitrary code via (1) a long DNS hostname that is determined using reverse DNS lookups, (2) a long AUTH string, or (3) certain data in the xtell request.
CVE-2002-0338 1 Ritlabs 1 The Bat 2026-04-16 N/A
The Bat! 1.53d and 1.54beta, and possibly other versions, allows remote attackers to cause a denial of service (crash) via an attachment whose name includes an MS-DOS device name.