Search Results (354 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0848 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
CVE-2006-2363 1 Limbo Cms 1 Limbo Cms 2026-04-16 N/A
SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-1999-0701 1 Microsoft 1 Windows Nt 2026-04-16 N/A
After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.
CVE-1999-0766 1 Microsoft 2 Internet Explorer, Java Virtual Machine 2026-04-16 N/A
The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment.
CVE-2003-1422 1 Gentoo 1 Syslinux 2026-04-16 N/A
Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors.
CVE-2003-1341 1 Trend Micro 2 Officescan, Virus Buster 2026-04-16 N/A
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.
CVE-2003-1362 1 Hp 2 Bastille, Hp-ux 2026-04-16 N/A
Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases.
CVE-2003-1367 1 Great Circle Associates 1 Majordomo 2026-04-16 N/A
The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.
CVE-2003-1426 1 Cpanel 1 Cpanel 2026-04-16 N/A
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
CVE-2003-1491 1 Kerio 1 Personal Firewall 2026-04-16 N/A
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53.
CVE-2002-2234 1 Netscreen 1 Screenos 2026-04-16 N/A
NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the Malicious-URL blocking feature by splitting the URL into fragmented IP requests.
CVE-1999-0725 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".
CVE-1999-0858 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.
CVE-2004-2692 1 Kyberdigi Labs 1 Php-exec-dir 2026-04-16 N/A
The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.
CVE-1999-0875 2 Microsoft, Sun 5 Windows 2000, Windows 95, Windows 98se and 2 more 2026-04-16 N/A
DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.
CVE-2004-0605 2 Ircd-hybrid, Ircd-ratbox 2 Ircd-hybrid, Ircd-ratbox 2026-04-16 N/A
Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ircd-ratbox 1.5.1 and earlier, or (3) ircd-ratbox 2.0rc6 and earlier do not have a rate-limit imposed, which could allow remote attackers to cause a denial of service by repeatedly making requests, which are slowly dequeued.
CVE-2003-1457 1 Auerswald 1 Comsuite Cti Controlcenter 2026-04-16 N/A
Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access.
CVE-2004-2760 1 Openbsd 1 Openssh 2026-04-16 N/A
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.
CVE-2002-2263 1 Hp 2 Hp-ux, Visualize Conference Ftp 2026-04-16 N/A
The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11 installs /etc/dt and its subdirecties with insecure permissions, which allows local users to read or write arbitrary files.
CVE-2026-21218 3 Apple, Linux, Microsoft 4 Macos, Linux Kernel, .net and 1 more 2026-04-15 7.5 High
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.