Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1020 1 Vibechild 1 Directory Manager 2026-04-16 N/A
edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function.
CVE-2001-1343 1 Cgicentral 2 Webstore 400, Webstore 400cs 2026-04-16 N/A
ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter.
CVE-2002-0752 1 Cgiscript.net 1 Csmailto 2026-04-16 N/A
CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file.
CVE-2002-0955 1 Yabb 1 Yabb 2026-04-16 N/A
Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message.
CVE-2002-1526 1 Emumail 1 Emu Webmail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field.
CVE-2003-1395 1 Kazaa 1 Kazaa Media Desktop 2026-04-16 N/A
Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server.
CVE-2003-1509 1 Realnetworks 2 Realone Enterprise Desktop, Realone Player 2026-04-16 N/A
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
CVE-2004-0292 1 Karjasoft 1 Sami Http Server 2026-04-16 N/A
Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
CVE-2004-2752 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action.
CVE-1999-0048 3 Debian, Ibm, Nec 5 Netkit, Aix, Asl Ux 4800 and 2 more 2026-04-16 N/A
Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.
CVE-1999-0717 1 Microsoft 5 Excel, Windows 2000, Windows 95 and 2 more 2026-04-16 N/A
A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.
CVE-1999-0795 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.
CVE-2000-0851 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.
CVE-2001-0361 2 Openbsd, Ssh 2 Openssh, Ssh 2026-04-16 N/A
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
CVE-2001-0730 2 Apache, Redhat 3 Http Server, Linux, Secure Web Server 2026-04-16 N/A
split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
CVE-2001-1072 1 Apache 1 Http Server 2026-04-16 N/A
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
CVE-2001-1238 1 Microsoft 1 Windows 2000 2026-04-16 7.8 High
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.
CVE-2001-1347 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.
CVE-2001-1349 2 Redhat, Sendmail 2 Linux, Sendmail 2026-04-16 N/A
Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.
CVE-2001-1449 2 Apache, Mandrakesoft 4 Http Server, Mandrake Linux, Mandrake Linux Corporate Server and 1 more 2026-04-16 N/A
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.