Search Results (363248 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1521 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter.
CVE-2002-0802 2 Postgresql, Redhat 2 Postgresql, Database 2026-04-16 N/A
The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.
CVE-2001-1513 1 Macromedia 1 Jrun 2026-04-16 N/A
Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx.
CVE-2001-1503 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.
CVE-1999-0269 1 Netscape 1 Enterprise Server 2026-04-16 N/A
Netscape Enterprise servers may list files through the PageServices query.
CVE-1999-0267 1 Ncsa 1 Ncsa Httpd 2026-04-16 N/A
Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.
CVE-2001-1362 1 Horsburgh 1 Npulse 2026-04-16 N/A
Vulnerability in the server for nPULSE before 0.53p4.
CVE-2006-3671 1 Hyper Estraier 1 Hyper Estraier 2026-04-16 N/A
Cross-site request forgery (CSRF) vulnerability in the communicate function in estmaster.c for Hyper Estraier before 1.3.3 allows remote attackers to perform unauthorized actions as other users via unknown vectors.
CVE-2006-3700 1 Oracle 1 Database Server 2026-04-16 N/A
Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB.
CVE-2001-0215 1 Martin Hamilton 1 Roads 2026-04-16 N/A
ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte.
CVE-2001-0222 1 Webmin 1 Webmin 2026-04-16 N/A
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.
CVE-2001-1222 1 Plesk 1 Plesk Server Administrator 2026-04-16 N/A
Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain.
CVE-2002-1095 1 Cisco 3 Secure Access Control Server, Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client 2026-04-16 N/A
Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set.
CVE-2002-0713 2 Redhat, Squid 3 Enterprise Linux, Linux, Squid 2026-04-16 N/A
Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
CVE-2006-3703 1 Oracle 1 Database Server 2026-04-16 N/A
Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.4 has unknown impact and attack vectors, aka oracle Vuln# DB07.
CVE-2001-1226 1 Adcycle 1 Adcycle 2026-04-16 N/A
AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.
CVE-2005-1140 1 Mywebland 1 Mybloggie 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the comments.
CVE-2001-0239 1 Microsoft 1 Isa Server 2026-04-16 N/A
Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
CVE-2001-1227 2 Redhat, Zope 3 Linux, Powertools, Zope 2026-04-16 N/A
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
CVE-2002-0726 1 Microsoft 1 Tsac Activex Control 2026-04-16 N/A
Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field.