Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-0868 1 Redhat 1 Stronghold 2026-04-16 N/A
Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status.
CVE-2004-1122 1 Apple 1 Safari 2026-04-16 N/A
Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.
CVE-2001-1022 3 Gnu, Jgroff, Redhat 3 Groff, Jgroff, Linux 2026-04-16 N/A
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
CVE-2001-1029 2 Freebsd, Openbsd 2 Freebsd, Openssh 2026-04-16 N/A
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
CVE-2001-1030 6 Caldera, Immunix, Mandrakesoft and 3 more 8 Openlinux Server, Immunix, Mandrake Linux and 5 more 2026-04-16 N/A
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
CVE-2001-1033 1 Compaq 2 Tru64, Trucluster 2026-04-16 N/A
Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the cluster to enter a "split-brain" state.
CVE-2001-1046 1 Qualcomm 1 Qpopper 2026-04-16 N/A
Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username.
CVE-2006-2228 1 W-agora 1 W-agora 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events.
CVE-2001-1048 1 Topher1kenobe 1 Awol 2026-04-16 N/A
AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
CVE-2006-2230 1 Xine 1 Xine 2026-04-16 N/A
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.
CVE-2006-3836 1 Unidomedia 1 Chameleon Le 2026-04-16 N/A
Directory traversal vulnerability in index.php in UNIDOmedia Chameleon LE 1.203 and earlier, and possibly Chameleon PRO, allows remote attackers to read arbitrary files via the rmid parameter.
CVE-2001-1049 1 Paul M. Jones 1 Phorecast 2026-04-16 N/A
Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
CVE-2006-2232 1 Scriptsez 1 Cute Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook.
CVE-2001-1052 1 Emergenices Personnel Information System 1 Empris 2026-04-16 N/A
Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
CVE-2001-1063 1 Caldera 2 Openunix, Unixware 2026-04-16 N/A
Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument.
CVE-2001-1073 1 Webridge 1 Px Application Suite 2026-04-16 N/A
Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables (1) APPL_PHYSICAL_PATH, (2) PATH_TRANSLATED, and (3) LOCAL_ADDR.
CVE-2001-1075 1 Sun 1 Cobalt Raq 3i 2026-04-16 N/A
poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file.
CVE-2006-2233 1 Banktown 1 Btcxctl20com Activex Control 2026-04-16 N/A
Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. NOTE: portions of these details are obtained from third party information.
CVE-2001-1078 1 Extremail 1 Extremail 2026-04-16 N/A
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
CVE-2001-1083 2 Icecast, Redhat 2 Icecast, Powertools 2026-04-16 N/A
Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).