Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1349 2 Gnu, Oracle 2 Gzip, Solaris 2026-04-16 N/A
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
CVE-2005-4648 1 Illustrate 1 Dbpoweramp Music Converter 2026-04-16 N/A
Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe, allows user-assisted attackers to cause a denial of service or execute arbitrary code via a .m3u playlist with a long entry, possibly involving large field names, as demonstrated by SecuBox.Labs.m3u. NOTE: this issue might be the same as the .m3u vulnerability in CVE-2004-1569, but if so, then CD:SF-LOC suggests creating a different identifier since the .m3u issue would affect different versions than the .pls issue.
CVE-1999-0236 2 Apache, Illinois 2 Http Server, Ncsa Httpd 2026-04-16 7.5 High
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
CVE-1999-1237 1 Apache 1 Http Server 2026-04-16 N/A
Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
CVE-2002-0131 1 Activestate 1 Activepython 2026-04-16 N/A
ActivePython ActiveX control for Python in the AXScript package, when used in Internet Explorer, does not prevent a script from reading files from the client's filesystem, which allows remote attackers to read arbitrary files via a malicious web page containing Python script.
CVE-2003-0147 4 Openpkg, Openssl, Redhat and 1 more 6 Openpkg, Openssl, Enterprise Linux and 3 more 2026-04-16 N/A
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
CVE-2004-2022 1 Activestate 1 Activeperl 2026-04-16 N/A
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.
CVE-2000-0669 1 Novell 1 Netware 2026-04-16 N/A
Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data.
CVE-2000-1210 1 Apache 1 Tomcat 2026-04-16 N/A
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
CVE-2002-0191 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.
CVE-2002-0464 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp.
CVE-2002-0516 1 Squirrelmail 1 Squirrelmail 2026-04-16 N/A
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
CVE-2002-0642 1 Microsoft 2 Msde, Sql Server 2026-04-16 N/A
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
CVE-2002-0653 2 Modssl, Redhat 6 Mod Ssl, Enterprise Linux, Linux and 3 more 2026-04-16 7.8 High
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
CVE-2002-0665 1 Macromedia 1 Jrun 2026-04-16 N/A
Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.
CVE-2002-0679 6 Caldera, Compaq, Hp and 3 more 8 Openunix, Unixware, Tru64 and 5 more 2026-04-16 N/A
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.
CVE-2002-0697 1 Microsoft 1 Metadirectory Services 2026-04-16 N/A
Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
CVE-2002-0717 1 Php 1 Php 2026-04-16 N/A
PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed.
CVE-2002-0860 1 Microsoft 2 Office Web Components, Project 2026-04-16 N/A
The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
CVE-2002-1054 1 Pablo Software Solutions 1 Pablo Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via "..\" (dot-dot backslash) sequences in a LIST command.