Export limit exceeded: 363052 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363052 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363052 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0587 1 Infopop 1 Ultimate Bulletin Board 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie.
CVE-2003-0588 1 Digi-fx 1 Digi-news 2026-04-16 N/A
admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
CVE-2006-0501 1 Punctweb 1 Myco Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the Name field, when registering a user.
CVE-2001-0181 1 Caldera 3 Openlinux Desktop, Openlinux Edesktop, Openlinux Eserver 2026-04-16 N/A
Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execute arbitrary commands.
CVE-2003-0589 1 Digi-fx 1 Digi-news 2026-04-16 N/A
admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
CVE-2006-0503 1 Mailenable 1 Mailenable Professional 2026-04-16 N/A
IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) via unspecified vectors involving the EXAMINE command.
CVE-2006-0504 1 Mailenable 1 Mailenable Enterprise 2026-04-16 N/A
Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 allows remote attackers to cause a denial of service (CPU utilization) by viewing "formatted quoted-printable emails" via webmail.
CVE-2006-0506 1 Nuked-klan 1 Nuked-klan 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN 1.7 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.
CVE-2003-0601 1 Apple 1 Mac Os X Server 2026-04-16 N/A
Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved.
CVE-2001-0195 1 Debian 1 Debian Linux 2026-04-16 7.8 High
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
CVE-2001-0199 1 Guido Frassetto 1 Sedum 2026-04-16 N/A
Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the HTTP GET request.
CVE-2006-0510 1 Daffodil Software 1 Daffodil Crm 2026-04-16 N/A
SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action.
CVE-2003-0602 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.
CVE-2006-0513 1 Ibm 1 Tivoli Access Manager For E-business 2026-04-16 N/A
Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2006-0428 1 Oracle 1 Weblogic Portal 2026-04-16 N/A
Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs.
CVE-2006-0426 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges.
CVE-2000-1183 1 Nec 1 Socks 5 2026-04-16 N/A
Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long connection request.
CVE-2003-0519 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\aux (MS-DOS device name) and possibly other devices.
CVE-2000-0916 1 Freebsd 1 Freebsd 2026-04-16 N/A
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.
CVE-2000-0920 1 Boa 1 Boa Webserver 2026-04-16 N/A
Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "."