Export limit exceeded: 361694 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 361694 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (361694 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0834 1 Microsoft 1 Windows 2000 2026-04-16 N/A
The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability.
CVE-2004-1417 1 Psychostats 1 Psychostats 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.
CVE-2000-1039 1 Microsoft 5 Windows 95, Windows 98, Windows 98se and 2 more 2026-04-16 N/A
Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of abstraction than is typical for CVE.
CVE-2004-1419 1 Zeroboard 1 Zeroboard 2026-04-16 N/A
PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code.
CVE-2000-1175 1 Jan Hubicka 1 Koules 2026-04-16 N/A
Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command line argument.
CVE-2001-0333 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
CVE-2004-1423 1 Php-calendar 1 Php-calendar 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.
CVE-2004-1424 1 Moodle 1 Moodle 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2006-3669 1 Mercury Messenger 1 Mercury Messenger 2026-04-16 N/A
Mercury Messenger, possibly 1.7.1.1 and other versions, when running on a multi-user Mac OS X platform, stores chat logs with world-readable permissions within the /Users directory, which allows local users to read the chat logs from other users.
CVE-2001-0347 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
CVE-2004-1425 1 Moodle 1 Moodle 2026-04-16 N/A
Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter.
CVE-2006-3677 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-16 N/A
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.
CVE-2004-1426 1 Korweblog 1 Korweblog 2026-04-16 N/A
Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. (dot dot) sequences in the lng parameter.
CVE-2006-3678 1 3com 1 Tippingpoint Ips Tos 2026-04-16 N/A
TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to "force the device into layer 2 fallback (L2FB)", causing a denial of service (page fault), via a malformed packet.
CVE-2002-1858 1 Oracle 1 Application Server 2026-04-16 N/A
Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2004-1427 1 Korweblog 1 Korweblog 2026-04-16 N/A
PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. (dot dot) sequences in the lng parameter to cause main.inc to be loaded.
CVE-2004-1428 1 Argosoft 1 Ftp Server 2026-04-16 N/A
ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.
CVE-2006-3685 1 Czaries Network 1 Czarnews 2026-04-16 N/A
PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. NOTE: the news.php vector is already covered by CVE-2005-0859.
CVE-2006-3687 2 D-link, Dlink 7 Di-604 Broadband Router, Di-784, Ebr-2310 Ethernet Broadband Router and 4 more 2026-04-16 N/A
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.
CVE-2004-1429 1 Argosoft 1 Ftp Server 2026-04-16 N/A
ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times that a bad password can be entered, which makes it easier for remote attackers to guess passwords via a brute force attack.