Export limit exceeded: 365822 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365822 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1342 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.
CVE-2006-1029 1 Joomla 1 Joomla 2026-04-16 N/A
The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using "<<>AAA<><>", possibly due to nested or empty tags.
CVE-2001-0980 1 Caldera 2 Openlinux Server, Openlinux Workstation 2026-04-16 N/A
docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.
CVE-2006-1045 2 Mozilla, Redhat 2 Thunderbird, Enterprise Linux 2026-04-16 N/A
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.
CVE-2001-0981 1 Hp 1 Cifs-9000 Server 2026-04-16 N/A
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.
CVE-2001-0985 1 Hassan Consulting 1 Shopping Cart 2026-04-16 N/A
shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter.
CVE-2001-0987 1 Nathan Neulinger 1 Cgiwrap 2026-04-16 N/A
Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap.
CVE-2001-0988 1 Knox Software 1 Arkeia 2026-04-16 N/A
Arkeia backup server 4.2.8-2 and earlier creates its database files with world-writable permissions, which could allow local users to overwrite the files or obtain sensitive information.
CVE-2006-1348 1 Greg Neustaetter 1 Gcards 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this issue might be resultant from CVE-2006-1346.
CVE-2006-2874 1 Osads Alliance Database 1 Osads Alliance Database 2026-04-16 N/A
Unspecified vulnerability in OSADS Alliance Database before 1.4 has unknown impact and attack vectors related to a "Security Leak to lock in HTML-Code," possibly due to a cross-site scripting (XSS) vulnerability involving comments.
CVE-2006-1351 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a "default internal servlet" accessed through HTTP.
CVE-2006-1077 1 Evo-dev 1 Evoblog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the commentary in Evo-Dev evoBlog allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter and (2) other unspecified parameters.
CVE-2001-1007 1 Starfish 1 Truesync Desktop 2026-04-16 N/A
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered, which allows attackers to more quickly guess the key via a brute force attack.
CVE-2001-1009 2 Fetchmail, Redhat 2 Fetchmail, Linux 2026-04-16 N/A
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
CVE-2001-1010 1 Sambar 1 Sambar Server 2026-04-16 N/A
Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter.
CVE-2001-1013 1 Redhat 1 Linux 2026-04-16 N/A
Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
CVE-2001-1014 1 Michael Boehme 1 Webdiscount E Shop Online Shop System 2026-04-16 N/A
eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter.
CVE-2006-1352 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents.
CVE-2001-1018 1 Lotus 1 Domino 2026-04-16 N/A
Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters.
CVE-2001-1019 1 Seaglass Technologies Inc. 1 Sglmerchant 2026-04-16 N/A
Directory traversal vulnerability in view_item CGI program in sglMerchant 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTML_FILE parameter.