Export limit exceeded: 362243 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 35577 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1077 1 Evo-dev 1 Evoblog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the commentary in Evo-Dev evoBlog allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter and (2) other unspecified parameters.
CVE-2001-1007 1 Starfish 1 Truesync Desktop 2026-04-16 N/A
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered, which allows attackers to more quickly guess the key via a brute force attack.
CVE-2001-1010 1 Sambar 1 Sambar Server 2026-04-16 N/A
Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter.
CVE-2001-1013 1 Redhat 1 Linux 2026-04-16 N/A
Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
CVE-2001-1014 1 Michael Boehme 1 Webdiscount E Shop Online Shop System 2026-04-16 N/A
eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter.
CVE-2006-1352 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents.
CVE-2001-1018 1 Lotus 1 Domino 2026-04-16 N/A
Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters.
CVE-2001-1019 1 Seaglass Technologies Inc. 1 Sglmerchant 2026-04-16 N/A
Directory traversal vulnerability in view_item CGI program in sglMerchant 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTML_FILE parameter.
CVE-2001-1022 3 Gnu, Jgroff, Redhat 3 Groff, Jgroff, Linux 2026-04-16 N/A
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
CVE-2006-2879 1 Alex 1 News-engine 2026-04-16 N/A
SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2001-1024 1 Entrust 1 Getaccess 2026-04-16 N/A
login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument.
CVE-2001-1025 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
CVE-2006-1365 1 Motorola 3 E398, Pebl U6, V600 2026-04-16 N/A
The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a target device's list of trusted devices (aka Device History), and possibly obtain AT level access to the target device, by initiating and interrupting an OBEX Push Profile that pretends to send a vCard, aka a "HeloMoto" attack.
CVE-2001-1110 1 Khamil Landross And Zack Jones 1 Eftp 2026-04-16 N/A
EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.
CVE-2006-1375 1 Brain Book Software 1 Adman 2026-04-16 N/A
AdMan 1.0.20051221 and earlier allows remote attackers to obtain the full path via (1) a blank campaignId parameter to editCampaign.php and (2) a blank schemeId parameter to viewPricingScheme.php.
CVE-2001-1111 1 Khamil Landross And Zack Jones 1 Eftp 2026-04-16 N/A
EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file.
CVE-2001-1113 1 Trolltech 1 Trollftpd 2026-04-16 N/A
Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command.
CVE-2006-1209 1 Bugada Andrea 1 Php Advanced Transfer Manager 2026-04-16 N/A
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file.
CVE-2001-1116 1 Identix 1 Biologon 2026-04-16 N/A
Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display.
CVE-2006-1377 2 Comoblog Project, Easymoblog 2 Comoblog, Easymoblog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog 0.5.1 and (2) CoMoblog 1.1 allows remote attackers to inject arbitrary web script or HTML via the i parameter.