Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-1401 1 Sgi 1 Irix 2026-04-16 N/A
Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 sets insecure permissions for certain user files (iconbook and searchbook).
CVE-1999-1402 2 Freebsd, Sun 3 Freebsd, Solaris, Sunos 2026-04-16 N/A
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.
CVE-1999-1403 1 Ibm 1 Tivoli Opc Tracker Agent 2026-04-16 N/A
IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files.
CVE-1999-1404 1 Ibm 1 Tivoli Opc Tracker Agent 2026-04-16 N/A
IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote attackers to cause a denial of service (resource exhaustion) via malformed data to the localtracker client port (5011), which prevents the connection from being closed properly.
CVE-1999-1405 1 Ibm 1 Aix 2026-04-16 N/A
snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a.
CVE-1999-1411 1 Debian 1 Debian Linux 2026-04-16 N/A
The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp.
CVE-1999-1586 1 Sun 1 Sunos 2026-04-16 N/A
loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584.
CVE-1999-0185 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.
CVE-1999-0626 1 Sun 1 Rpc.ruserd 2026-04-16 N/A
A version of rusers is running that exposes valid user information to any entity on the network.
CVE-2005-2143 1 Microsoft 1 Frontpage 2026-04-16 N/A
Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page.
CVE-2005-2150 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.
CVE-2006-4832 1 Verso Netperformer 1 Frame Relay Access Device Act 2026-04-16 N/A
Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username.
CVE-2001-0909 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL.
CVE-2006-1285 1 Symantec 2 Ghost Solutions Suite, Norton Ghost 2026-04-16 N/A
SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information.
CVE-2001-1519 1 Microsoft 1 Windows 2000 2026-04-16 N/A
RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it
CVE-2006-2714 1 Secure Elements 1 C5 Enterprise Vulnerability Management 2026-04-16 N/A
Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not validate the CEID of an incoming message, which allows remote attackers to send messages to a protected asset without knowing the proper CEID.
CVE-1999-0254 1 Sun 1 Solaris 2026-04-16 N/A
A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information.
CVE-2006-0985 1 Wordpress 1 Wordpress 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters.
CVE-1999-0699 1 Bluestone 1 Sapphire Web 2026-04-16 N/A
The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs.
CVE-2001-0879 1 Microsoft 4 Sql Server, Windows 2000, Windows Nt and 1 more 2026-04-16 N/A
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.