Export limit exceeded: 359259 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1353 | 1 Forum.pl | 1 Forum.pl | 2026-04-16 | N/A |
| The forum.pl script allows remote attackers to read arbitrary files via a full pathname in the argument. | ||||
| CVE-2005-1367 | 1 Pico Server | 1 Pico Server | 2026-04-16 | N/A |
| Pico Server (pServ) 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root. | ||||
| CVE-2005-1369 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6.11.8, and 2.6.12 before 2.6.12-rc2, create the sysfs "alarms" file with write permissions, which allows local users to cause a denial of service (CPU consumption) by attempting to write to the file, which does not have an associated store function. | ||||
| CVE-2005-1378 | 1 Oxpus | 1 Phpbb Personal Notes Module | 2026-04-16 | N/A |
| SQL injection vulnerability in posting_notes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $post_id variable, and other attack vectors. | ||||
| CVE-2000-0359 | 1 Acme Labs | 1 Thttpd | 2026-04-16 | N/A |
| Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header. | ||||
| CVE-2000-0632 | 1 Lsoft | 1 Listserv | 2026-04-16 | N/A |
| Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string. | ||||
| CVE-2000-0773 | 1 Bajie | 1 Java Http Server | 2026-04-16 | N/A |
| Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack. | ||||
| CVE-2005-1506 | 1 Cj | 1 Ultra Plus | 2026-04-16 | N/A |
| SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via the perm parameter. | ||||
| CVE-2005-1512 | 1 Pwsphp | 1 Pwsphp | 2026-04-16 | N/A |
| The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded picture files, which allows remote attackers to upload and possibly execute arbitrary files. | ||||
| CVE-2005-1515 | 1 Dan Bernstein | 1 Qmail | 2026-04-16 | N/A |
| Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO commands. | ||||
| CVE-2001-0902 | 1 Microsoft | 1 Internet Information Services | 2026-04-16 | N/A |
| Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters. | ||||
| CVE-2005-1522 | 1 Gnu | 1 Mailutils | 2026-04-16 | N/A |
| The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command. | ||||
| CVE-2005-1523 | 1 Gnu | 1 Mailutils | 2026-04-16 | N/A |
| Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands. | ||||
| CVE-2005-1524 | 1 The Cacti Group | 1 Cacti | 2026-04-16 | N/A |
| PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter. | ||||
| CVE-2001-1279 | 2 Lbl, Redhat | 2 Tcpdump, Linux | 2026-04-16 | N/A |
| Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026. | ||||
| CVE-2004-2344 | 1 Vocaltec | 2 Vgw120 Telephony Gateway, Vgw480 Telephony Gateway | 2026-04-16 | N/A |
| Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec VGW120 and VGW480 allows remote attackers to cause a denial of service. | ||||
| CVE-2006-2357 | 1 Ipswitch | 1 Whatsup Professional | 2026-04-16 | N/A |
| Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp. | ||||
| CVE-2006-0878 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2026-04-16 | N/A |
| Noah's Classifieds 1.3 allows remote attackers to obtain the installation path via a direct request to include files, as demonstrated by classifieds/gorum/category.php. | ||||
| CVE-2004-1631 | 1 Openwfe | 1 Work Flow Engine | 2026-04-16 | N/A |
| Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to conduct port scans of remote hosts by specifying the target in an rmi:// Worklist URL, then using the response times to infer the results. | ||||
| CVE-2004-1635 | 1 Mozilla | 1 Bugzilla | 2026-04-16 | N/A |
| Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails. | ||||