Export limit exceeded: 365648 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365648 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-0533 1 Ibm 1 Aix 2026-04-16 N/A
Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable.
CVE-2006-1200 1 Daverave 1 Link Bank 2026-04-16 N/A
Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement.
CVE-2001-0537 1 Cisco 1 Ios 2026-04-16 N/A
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
CVE-2006-2839 1 Webwork 1 Webwork 2026-04-16 N/A
Directory traversal vulnerability in PG Problem Editor module (PGProblemEditor.pm) in WeBWorK Online Homework Delivery System 2.2.0 and earlier allows remote attackers to read and write files outside of the templates directory.
CVE-2001-0538 1 Microsoft 1 Outlook 2026-04-16 N/A
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
CVE-2006-3149 1 Phpmyforum 1 Phpmyforum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
CVE-2001-0544 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table.
CVE-2001-0545 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length.
CVE-2001-0550 3 David Madore, Redhat, Washington University 3 Ftpd-bsd, Linux, Wu-ftpd 2026-04-16 N/A
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
CVE-2001-0554 10 Debian, Freebsd, Ibm and 7 more 12 Debian Linux, Freebsd, Aix and 9 more 2026-04-16 N/A
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
CVE-2001-0555 1 Screaming Media 1 Siteware 2026-04-16 N/A
ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.
CVE-2001-0557 1 T. Hauck 1 Jana Web Server 2026-04-16 N/A
T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e).
CVE-2006-1205 1 Mywebland 1 Mybloggie 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php.
CVE-2001-0558 1 T. Hauck 1 Jana Web Server 2026-04-16 N/A
T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).
CVE-2006-0456 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors.
CVE-2001-0564 1 Apc 1 Ap9606 2026-04-16 N/A
APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card.
CVE-2006-1212 1 Corenews 1 Corenews 2026-04-16 N/A
Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which does not appear to use a "page" parameter or variable.
CVE-2001-0568 2 Redhat, Zope 2 Powertools, Zope 2026-04-16 N/A
Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
CVE-2006-1213 1 Jiro 1 Banner System 2026-04-16 N/A
JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account.
CVE-2001-0570 2 Minicom, Redhat 2 Minicom, Linux 2026-04-16 N/A
minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks.