Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360766 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0079 | 1 Scoznet | 1 Scozbook | 2026-04-16 | N/A |
| SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to execute arbitrary SQL commands via the username field (adminname variable). | ||||
| CVE-2006-0078 | 1 Haddad Said | 1 B-net Software | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b) guestbook.php. | ||||
| CVE-2006-0073 | 1 Discusware | 2 Discus Freeware, Discus Professional | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-0072 | 1 Sco | 1 Openserver | 2026-04-16 | N/A |
| Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector. | ||||
| CVE-2006-0070 | 1 Drupal | 1 Drupal | 2026-04-16 | N/A |
| Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtered HTML" is enabled, and since "Full HTML" would not filter HTML by design, perhaps this should not be included in CVE | ||||
| CVE-1999-1504 | 1 Stalker | 1 Stalker Internet Mail Server | 2026-04-16 | N/A |
| Stalker Internet Mail Server 1.6 allows a remote attacker to cause a denial of service (crash) via a long HELO command. | ||||
| CVE-2006-0058 | 2 Redhat, Sendmail | 2 Enterprise Linux, Sendmail | 2026-04-16 | N/A |
| Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations. | ||||
| CVE-1999-1100 | 1 Cisco | 1 Pix Private Link | 2026-04-16 | N/A |
| Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack. | ||||
| CVE-1999-1125 | 1 Oracle | 1 Http Server | 2026-04-16 | N/A |
| Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. | ||||
| CVE-1999-1126 | 1 Cisco | 1 Resource Manager | 2026-04-16 | N/A |
| Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_". | ||||
| CVE-1999-1129 | 1 Cisco | 2 Catalyst 2900 Vlan, Ios | 2026-04-16 | N/A |
| Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag. | ||||
| CVE-1999-1138 | 1 Sco | 4 Open Desktop, Open Desktop Lite, Openserver and 1 more | 2026-04-16 | N/A |
| SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable. | ||||
| CVE-2001-0561 | 1 Drummond Miles | 1 A1stats | 2026-04-16 | N/A |
| Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi. | ||||
| CVE-1999-1143 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs. | ||||
| CVE-1999-1148 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time. | ||||
| CVE-1999-1159 | 1 Ssh | 1 Ssh2 | 2026-04-16 | N/A |
| SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root. | ||||
| CVE-1999-1164 | 1 Microsoft | 2 Outlook, Outlook Express | 2026-04-16 | N/A |
| Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang. | ||||
| CVE-1999-1174 | 1 Iomega | 1 Zip 100 Mb Drive | 2026-04-16 | N/A |
| ZIP drive for Iomega ZIP-100 disks allows attackers with physical access to the drive to bypass password protection by inserting a known disk with a known password, waiting for the ZIP drive to power down, manually replacing the known disk with the target disk, and using the known password to access the target disk. | ||||
| CVE-1999-1178 | 1 Sambar | 1 Sambar Server | 2026-04-16 | N/A |
| Sambar Server 4.1 beta allows remote attackers to obtain sensitive information about the server via an HTTP request for the dumpenv.pl script. | ||||
| CVE-1999-1180 | 1 Oreilly | 2 Website, Website Pro | 2026-04-16 | N/A |
| O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an argument to (1) args.cmd or (2) args.bat. | ||||