Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360766 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1346 | 1 Greg Neustaetter | 1 Gcards | 2026-04-16 | N/A |
| Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php. | ||||
| CVE-1999-0789 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Buffer overflow in AIX ftpd in the libc library. | ||||
| CVE-1999-0448 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. | ||||
| CVE-2002-0376 | 1 Apple | 1 Quicktime | 2026-04-16 | N/A |
| Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field. | ||||
| CVE-2002-0444 | 1 Microsoft | 1 Windows 2000 Terminal Services | 2026-04-16 | N/A |
| Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies. | ||||
| CVE-2002-0682 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet. | ||||
| CVE-2002-1394 | 2 Apache, Redhat | 3 Tomcat, Rhel Stronghold, Stronghold | 2026-04-16 | N/A |
| Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148. | ||||
| CVE-2002-1560 | 1 Martin Bauer | 1 Gbook | 2026-04-16 | N/A |
| index.php in gBook 1.4 allows remote attackers to bypass authentication and gain administrative privileges by setting the login parameter to true. | ||||
| CVE-2002-1981 | 1 Microsoft | 1 Sql Server | 2026-04-16 | N/A |
| Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings. | ||||
| CVE-2001-1252 | 1 Pgp | 1 Keyserver | 2026-04-16 | N/A |
| Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory. | ||||
| CVE-2004-0261 | 1 Openjournal | 1 Openjournal | 2026-04-16 | N/A |
| oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to bypass authentication and access the control panel via a 0 in the uid parameter. | ||||
| CVE-2000-1178 | 1 Joseph Allen | 1 Joe | 2026-04-16 | 5.5 Medium |
| Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes. | ||||
| CVE-2004-1561 | 1 Icecast | 1 Icecast | 2026-04-16 | N/A |
| Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers. | ||||
| CVE-2003-0041 | 3 Mandrakesoft, Mit, Redhat | 5 Mandrake Linux, Mandrake Multi Network Firewall, Kerberos Ftp Client and 2 more | 2026-04-16 | N/A |
| Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client. | ||||
| CVE-2005-1933 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute arbitrary commands by overriding the behavior of system widgets via a user widget with the same bundle identifier (CFBundleIdentifier), a different vulnerability than CVE-2005-1474. | ||||
| CVE-2006-3061 | 1 Review-script.com | 1 Five Star Review Script | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in report.php, (3) search_term parameter (aka the "search box") in search_reviews.php, (4) the profile field in usercp/profile_edit1.php, and the (5) review field in review_form.php. | ||||
| CVE-2001-0739 | 1 Engardelinux | 1 Secure Linux | 2026-04-16 | N/A |
| Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges. | ||||
| CVE-2006-4629 | 1 C-news.fr | 1 C-news | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2006-3614 | 1 Orbitcoders | 1 Orbitmatrix | 2026-04-16 | N/A |
| index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to trigger a SQL error via the page_name parameter, possibly due to a SQL injection vulnerability. | ||||
| CVE-2001-0735 | 1 Infodrom | 1 Cfingerd | 2026-04-16 | N/A |
| Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file. | ||||