Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-1572 5 Debian, Freebsd, Mandrakesoft and 2 more 6 Debian Linux, Freebsd, Mandrake Linux and 3 more 2026-04-16 N/A
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
CVE-1999-1577 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method.
CVE-1999-1580 2 Sendmail, Sun 2 Sendmail, Sunos 2026-04-16 N/A
SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.
CVE-1999-1586 1 Sun 1 Sunos 2026-04-16 N/A
loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584.
CVE-2002-1120 1 Savant 1 Savant Web Server 2026-04-16 N/A
Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
CVE-2001-0642 1 Incredimail 1 Incredimail 2026-04-16 N/A
Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. (dot dot) sequences to filenames listed in the content.ini file.
CVE-1999-0254 1 Sun 1 Solaris 2026-04-16 N/A
A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information.
CVE-2006-0985 1 Wordpress 1 Wordpress 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters.
CVE-2005-3128 1 Squirrelmail 1 Address Add Plugin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag.
CVE-2005-4249 1 Adp 1 Adp Forum 2026-04-16 N/A
ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document root with insufficient access control, which allows remote attackers to obtain user credentials via requests to the forum/users directory.
CVE-2005-4270 1 Watchfire 1 Appscan Qa 2026-04-16 N/A
Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Authenticate header containing a long Realm field.
CVE-2005-4294 1 Alkacon 1 Opencms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page.
CVE-2006-0176 1 Xmame 1 Xmame 2026-04-16 N/A
Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux.
CVE-2006-2702 1 Wordpress 1 Wordpress 2026-04-16 N/A
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].
CVE-2006-0331 1 Thiago Melo De Paula 1 Change Passwd 2026-04-16 N/A
Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments.
CVE-2001-1163 1 Munica 1 Netsql 2026-04-16 N/A
Buffer overflow in Munica Corporation NetSQL 1.0 allows remote attackers to execute arbitrary code via a long CONNECT argument to port 6500.
CVE-1999-0881 1 Blueface 1 Falcon Web Server 2026-04-16 N/A
Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2006-3682 1 Awstats 1 Awstats 2026-04-16 N/A
awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.
CVE-1999-0893 1 Sco 1 Openserver 2026-04-16 N/A
userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.
CVE-2000-0002 1 Zbsoft 1 Zbserver 2026-04-16 N/A
Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request.