Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1852 1 Monkey-project 1 Monkey 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) a parameter to test2.pl.
CVE-2001-0225 1 Lenzo 1 Infobot 2026-04-16 N/A
fortran math component in Infobot 0.44.5.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2001-0235 1 Debian 1 Debian Linux 2026-04-16 N/A
Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.
CVE-2002-1946 1 Tata 1 Integrated Dialer 2026-04-16 5.5 Medium
Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password.
CVE-2005-3332 1 Belchior Foundry 1 Vcard 2026-04-16 N/A
PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter.
CVE-2005-3336 1 Mantis 1 Mantis 2026-04-16 N/A
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2003-1175 1 Synthetic Reality 1 Sympoll 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter.
CVE-2005-3444 1 Oracle 1 Database Server 2026-04-16 N/A
Multiple unspecified vulnerabilities in the Programmatic Interface in Oracle Database Server from 8i up to 9.2.0.5 have unknown impact and attack vectors, aka Oracle Vuln# DB26.
CVE-2001-0344 1 Microsoft 1 Sql Server 2026-04-16 N/A
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
CVE-1999-0253 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.
CVE-2003-1176 1 Bdc Enterprises 1 Web Wiz Forums 2026-04-16 N/A
post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.
CVE-2000-0884 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
CVE-2000-0970 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.
CVE-2000-1104 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.
CVE-2005-3466 1 Oracle 1 Peoplesoft Enterprise Customer Relationship Management 2026-04-16 N/A
Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to 8.9 has unknown impact and attack vectors, as identified by Oracle Vuln# CRM01.
CVE-1999-0126 1 Xfree86 Project 1 Xfree86 2026-04-16 N/A
SGI IRIX buffer overflow in xterm and Xaw allows root access.
CVE-1999-0213 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.
CVE-2005-2448 2 Ekg, Redhat 2 Ekg, Enterprise Linux 2026-04-16 N/A
Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow remote attackers to cause a denial of service (invalid behavior in applications) on big-endian systems.
CVE-2001-1141 2 Openssl, Ssleay 2 Openssl, Ssleay 2026-04-16 N/A
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
CVE-2001-1243 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.