Export limit exceeded: 359762 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359762 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4003 | 1 Asps | 1 Shopping Cart | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) srch_product_name parameter to adv_search.asp and (2) b_search parameter to bsearch.asp. NOTE: the original disclosure was specifically only for an XSS issue, but the CVE description was for SQL injection. Since the original disclosure, SQL injection vectors have been reported. This CVE might be REJECTed or significantly altered pending additional information. | ||||
| CVE-2003-1108 | 1 Alcatel-lucent | 1 Omnipcx | 2026-04-16 | N/A |
| The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | ||||
| CVE-2000-0440 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2026-04-16 | N/A |
| NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option. | ||||
| CVE-2001-0495 | 1 Datawizard | 1 Webxq | 2026-04-16 | N/A |
| Directory traversal in DataWizard WebXQ server 1.204 allows remote attackers to view files outside of the web root via a .. (dot dot) attack. | ||||
| CVE-2005-1737 | 1 Electricmonk | 1 Proms | 2026-04-16 | N/A |
| Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized users" to (1) view or modify the project member list or (2) modify the todos list. | ||||
| CVE-2000-0855 | 1 Xs4all Data | 1 Xs4all Data Sunftp | 2026-04-16 | N/A |
| SunFTP build 9(1) allows remote attackers to cause a denial of service by connecting to the server and disconnecting before sending a newline. | ||||
| CVE-2004-0960 | 2 Freeradius, Redhat | 3 Freeradius, Enterprise Linux, Fedora Core | 2026-04-16 | N/A |
| FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument. | ||||
| CVE-2000-0859 | 1 Gordano | 1 Ntmail | 2026-04-16 | N/A |
| The web configuration server for NTMail V5 and V6 allows remote attackers to cause a denial of service via a series of partial HTTP requests. | ||||
| CVE-2000-0861 | 1 Gnu | 1 Mailman | 2026-04-16 | N/A |
| Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion. | ||||
| CVE-2000-0865 | 1 Tridia | 1 Doublevision | 2026-04-16 | N/A |
| Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows local users to gain root privileges via a long terminal type argument. | ||||
| CVE-2000-0866 | 1 Borland Software | 1 Interbase Superserver | 2026-04-16 | N/A |
| Interbase 6 SuperServer for Linux allows an attacker to cause a denial of service via a query containing 0 bytes. | ||||
| CVE-2006-3751 | 1 Htmlarea3 | 1 Htmlarea3 | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in popups/ImageManager/config.inc.php in the HTMLArea3 Addon Component (com_htmlarea3_xtd-c) for ImageManager 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-3790 | 1 Ufo2000 | 1 Ufo2000 | 2026-04-16 | N/A |
| The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a keysize or valsize that is inconsistent with the packet size, which leads to a buffer over-read. | ||||
| CVE-2000-0914 | 1 Openbsd | 1 Openbsd | 2026-04-16 | N/A |
| OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests. | ||||
| CVE-2000-0930 | 1 David Harris | 1 Pegasus Mail | 2026-04-16 | N/A |
| Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch. | ||||
| CVE-2006-3763 | 1 Dieselscripts | 1 Diesel Joke Site | 2026-04-16 | N/A |
| SQL injection vulnerability in category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2000-0945 | 1 Cisco | 1 Catalyst 3500 Xl | 2026-04-16 | N/A |
| The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory. | ||||
| CVE-2000-0955 | 1 Cisco | 1 Virtual Central Office 4000 | 2026-04-16 | N/A |
| Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges. | ||||
| CVE-2000-0961 | 1 Netscape | 2 Messaging Server, Netscape Messaging Server Multiplexor | 2026-04-16 | N/A |
| Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command. | ||||
| CVE-2000-0998 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function. | ||||