Export limit exceeded: 29943 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29943 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-0097 | 3 Hp, Ibm, Sun | 4 Hp-ux, Aix, Solaris and 1 more | 2026-04-16 | N/A |
| The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character). | ||||
| CVE-1999-0099 | 5 Bsdi, Convex, Cray and 2 more | 7 Bsd Os, Convexos, Spp-ux and 4 more | 2026-04-16 | N/A |
| Buffer overflow in syslog utility allows local or remote attackers to gain root privileges. | ||||
| CVE-2006-1257 | 1 Microsoft | 1 Commerce Server | 2026-04-16 | N/A |
| The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice. | ||||
| CVE-2006-1267 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request. | ||||
| CVE-2000-0751 | 3 Netbsd, Openbsd, Redhat | 3 Netbsd, Openbsd, Linux | 2026-04-16 | N/A |
| mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands. | ||||
| CVE-2006-1271 | 1 Oxynews | 1 Oxynews | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in OxyNews allows remote attackers to execute arbitrary SQL commands via the oxynews_comment_id parameter. | ||||
| CVE-2006-1273 | 1 Mozilla | 1 Firefox | 2026-04-16 | N/A |
| Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service (crash) via an HTML tag with a large number of script action handlers such as onload and onmouseover, which triggers the crash when the user views the page source. NOTE: Red Hat has disputed this issue, suggesting that "It is likely the reporter was running the IE Tab extension," and Mozilla also confirmed that this is not an issue in Firefox itself | ||||
| CVE-2006-1283 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd. | ||||
| CVE-1999-0123 | 1 Slackware | 1 Slackware Linux | 2026-04-16 | N/A |
| Race condition in Linux mailx command allows local users to read user files. | ||||
| CVE-2006-1289 | 1 Milkeyway | 1 Milkeyway Captive Portal | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, (3) team, (4) level, (5) status, (6) teamname, and (7) teamlead parameters in (a) auth.php; the (8) username, (9) action, and (10) filter parameters in (b) authuser.php; the (11) username parameter in (c) utils.php; the (12) id and (13) date parameters in (d) traffic.php; the (14) username parameter in (e) userstatistics.php; and the (15) USERNAME and (16) PASSWORD parameters in a cookie to (f) chgpwd.php. | ||||
| CVE-1999-0681 | 1 Microsoft | 2 Frontpage, Personal Web Server | 2026-04-16 | N/A |
| Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL. | ||||
| CVE-1999-0137 | 1 Fred N. Van Kempen | 1 Dip | 2026-04-16 | N/A |
| The dip program on many Linux systems allows local users to gain root access via a buffer overflow. | ||||
| CVE-2006-1123 | 1 D2ksoft | 1 D2kblog | 2026-04-16 | N/A |
| SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie. | ||||
| CVE-2002-2108 | 1 Sony | 1 Vaio Manual Cybersupport | 2026-04-16 | N/A |
| Unknown vulnerability in the "VAIO Manual" software in certain Sony VAIO personal computers sold from November 2001 to January 2002, allows remote attackers to modify data via a web page or HTML e-mail. | ||||
| CVE-2003-0836 | 1 Ibm | 1 Db2 Universal Database | 2026-04-16 | N/A |
| Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with "Connect" privileges to execute arbitrary code via a LOAD command. | ||||
| CVE-1999-0156 | 1 Washington University | 1 Wu-ftpd | 2026-04-16 | N/A |
| wu-ftpd FTP daemon allows any user and password combination. | ||||
| CVE-2006-1376 | 1 Debian | 1 Debian Linux | 2026-04-16 | N/A |
| The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption). | ||||
| CVE-1999-0158 | 1 Cisco | 1 Pix Firewall Software | 2026-04-16 | N/A |
| Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known. | ||||
| CVE-2006-1378 | 1 Counterpane | 1 Password Safe | 2026-04-16 | N/A |
| PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand() seed values and conducting a known plaintext attack. | ||||
| CVE-2005-2308 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg. | ||||