Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1170 1 Amtote International 1 Homebet 2026-04-16 N/A
AmTote International homebet program stores the homebet.log file in the homebet/ virtual directory, which allows remote attackers to steal account and PIN numbers.
CVE-2001-1227 2 Redhat, Zope 3 Linux, Powertools, Zope 2026-04-16 N/A
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
CVE-2001-1228 1 Gnu 1 Gzip 2026-04-16 N/A
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.
CVE-2001-1233 1 Novell 2 Groupwise Webaccess, Netware 2026-04-16 N/A
Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
CVE-2006-2256 1 Eqdkp 1 Eqdkp 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp 1.3.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the eqdkp_root_path parameter.
CVE-2001-1235 1 Derek Leung 1 Pslash 2026-04-16 N/A
pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
CVE-2001-1236 1 Sebastian Bunka 1 Myphppagetool 2026-04-16 N/A
myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
CVE-2001-1237 1 Peaceworks Computer Consulting 1 Phormation 2026-04-16 N/A
Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.
CVE-2001-1241 1 Steve Grimm 1 Un-cgi 2026-04-16 N/A
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
CVE-2001-1242 1 Steve Grimm 1 Un-cgi 2026-04-16 N/A
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.
CVE-2001-1249 1 Vwebserver 1 Vwebserver 2026-04-16 N/A
vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names.
CVE-2006-2258 1 Maxxcode 1 Maxxschedule 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter.
CVE-2001-1251 2 Max Feoktistov, Vwebserver 2 Small Http Server, Vwebserver 2026-04-16 N/A
SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests.
CVE-1999-1053 2 Apache, Matt Wright 2 Http Server, Matt Wright Guestbook 2026-04-16 N/A
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
CVE-2001-1252 1 Pgp 1 Keyserver 2026-04-16 N/A
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.
CVE-2001-1040 1 Hp 1 Jetadmin 2026-04-16 N/A
HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password.
CVE-2001-1253 1 Com2001 1 Alexis Server 2026-04-16 N/A
Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users.
CVE-2001-1255 2 Mysql, Oracle 2 Winmysqladmin, Mysql 2026-04-16 N/A
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.
CVE-1999-1059 1 Att 1 Svr4 2026-04-16 N/A
Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.
CVE-2001-1260 1 Avaya 1 Argent Office 2026-04-16 N/A
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.