Export limit exceeded: 29913 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29913 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-1087 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server. | ||||
| CVE-1999-1367 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users. | ||||
| CVE-1999-1389 | 1 3com | 1 Total Control Netserver Card | 2026-04-16 | N/A |
| US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 and 3.7.24 does not properly enforce access filters when the "set host prompt" setting is made for a port, which allows attackers to bypass restrictions by providing the hostname twice at the "host: " prompt. | ||||
| CVE-1999-1398 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log log file, possibly via a symlink attack. | ||||
| CVE-1999-1400 | 1 The Economist | 1 The Economist 1999 Screen Saver | 2026-04-16 | N/A |
| The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked. | ||||
| CVE-2005-2857 | 1 Softstack | 1 Free Smtp Server | 2026-04-16 | N/A |
| Free SMTP Server 2.2 allows remote attackers to use the server as an open mail relay (spam proxy). | ||||
| CVE-2006-2042 | 1 Adobe | 1 Dreamweaver | 2026-04-16 | N/A |
| Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models. | ||||
| CVE-1999-1403 | 1 Ibm | 1 Tivoli Opc Tracker Agent | 2026-04-16 | N/A |
| IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files. | ||||
| CVE-1999-1405 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a. | ||||
| CVE-1999-1418 | 1 Mirabilis | 1 Icq Web Front | 2026-04-16 | N/A |
| ICQ99 ICQ web server build 1701 with "Active Homepage" enabled generates allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists ("404 Forbidden") versus when a file does not exist ("404 not found"). | ||||
| CVE-1999-1442 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local users to cause a denial of service (crash) via a particular sequence of instructions, possibly related to accessing addresses outside of segments. | ||||
| CVE-2004-1514 | 1 Soft3304 | 1 04webserver | 2026-04-16 | N/A |
| 04WebServer 1.42 allows remote attackers to cause a denial of service (fail to restart properly) via an HTTP request for an MS-DOS device name such as COM2. | ||||
| CVE-2006-1996 | 1 Scry Gallery | 1 Scry Gallery | 2026-04-16 | N/A |
| Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message. | ||||
| CVE-2004-1517 | 1 Zonelabs | 1 Imsecure | 2026-04-16 | N/A |
| Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers to bypass Active Link Filtering via an instant message containing a URL with hex encoded file extensions. | ||||
| CVE-2004-1518 | 1 Phorum | 1 Phorum | 2026-04-16 | N/A |
| SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter. | ||||
| CVE-2006-2000 | 1 Logmethods | 1 Logmethods | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods 0.9 allows remote attackers to inject arbitrary web script or HTML via the kwd parameter. | ||||
| CVE-2004-1526 | 1 New Media Generation | 1 Hired Team Trial | 2026-04-16 | N/A |
| Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game players can kick other players off the server, including the administrator. | ||||
| CVE-2006-2001 | 1 Scry Gallery | 1 Scry Gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector. | ||||
| CVE-2004-1527 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions. | ||||
| CVE-2004-1528 | 1 Rob Sutton | 1 Php-nuke Event Calendar | 2026-04-16 | N/A |
| The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to (1) config.php, (2) index.php, or (3) submit.php, which reveal the full path in an error message. | ||||