Export limit exceeded: 346520 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346520 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-0135 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| admintool in Solaris allows a local user to write to arbitrary files and gain root access. | ||||
| CVE-1999-0136 | 1 Sun | 1 Sunos | 2026-04-16 | N/A |
| Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access. | ||||
| CVE-2003-0150 | 2 Oracle, Redhat | 3 Mysql, Enterprise Linux, Linux | 2026-04-16 | N/A |
| MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. | ||||
| CVE-2005-4301 | 1 Phpxplorer | 1 Phpxplorer | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the address bar field. | ||||
| CVE-1999-0138 | 7 Apple, Digital, Freebsd and 4 more | 9 A Ux, Osf 1, Freebsd and 6 more | 2026-04-16 | N/A |
| The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access. | ||||
| CVE-2005-4304 | 1 Indexcor | 1 Ezdatabase | 2026-04-16 | N/A |
| index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack of relevant details. The description is based partially on feedback comments. | ||||
| CVE-1999-0139 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access. | ||||
| CVE-2003-0151 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code. | ||||
| CVE-1999-0140 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| Denial of service in RAS/PPTP on NT systems. | ||||
| CVE-2005-4305 | 1 Edgewall Software | 1 Trac | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page. | ||||
| CVE-1999-0141 | 1 Netscape | 1 Navigator | 2026-04-16 | N/A |
| Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet. | ||||
| CVE-2005-4306 | 1 Focalmedia.net | 1 Sitenet Bbs | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pg, (2) tid, (3) cid, and (4) fid parameters to netboardr.cgi, or (5) cid parameter to search.cgi. | ||||
| CVE-1999-0146 | 1 Ncsa | 2 Campas, Servers | 2026-04-16 | N/A |
| The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file. | ||||
| CVE-1999-0152 | 1 Data General | 1 Dg Ux | 2026-04-16 | N/A |
| The DG/UX finger daemon allows remote command execution through shell metacharacters. | ||||
| CVE-1999-0154 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. | ||||
| CVE-2003-0153 | 1 Mozilla | 1 Bonsai | 2026-04-16 | N/A |
| bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi. | ||||
| CVE-2005-4307 | 1 Jonathan Bravata | 1 Scarecrow | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi. | ||||
| CVE-1999-0157 | 1 Cisco | 2 Ios, Pix Firewall Software | 2026-04-16 | N/A |
| Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service. | ||||
| CVE-2005-4309 | 1 Scriptscenter | 1 Ezupload Pro | 2026-04-16 | N/A |
| SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters. | ||||
| CVE-1999-0159 | 1 Cisco | 1 Ios | 2026-04-16 | 3.5 Low |
| Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. | ||||