Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0269 1 Netscape 1 Enterprise Server 2026-04-16 N/A
Netscape Enterprise servers may list files through the PageServices query.
CVE-2002-1411 1 Duma 1 Photo Gallery System 2026-04-16 N/A
Directory traversal vulnerability in update.dpgs in Duma Photo Gallery System (DPGS) 0.99.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the id parameter.
CVE-2002-1467 2 Macromedia, Redhat 4 Flash Player, Shockwave, Enterprise Linux and 1 more 2026-04-16 N/A
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).
CVE-2000-0383 1 Aol 1 Instant Messenger 2026-04-16 N/A
The file transfer component of AOL Instant Messenger (AIM) reveals the physical path of the transferred file to the remote recipient.
CVE-2002-1315 1 Iplanet 1 Iplanet Web Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316).
CVE-2002-1498 1 Trevor Lee 1 Swserver 2026-04-16 N/A
Directory traversal vulnerability in SWServer 2.2 and earlier allows remote attackers to read arbitrary files via a URL containing .. sequences with "/" or "\" characters.
CVE-2002-1452 1 Mywebserver 1 Mywebserver 2026-04-16 N/A
Buffer overflow in the search capability for MyWebServer 1.0.2 allows remote attackers to execute arbitrary code via a long searchTarget parameter.
CVE-2002-1647 1 Slashcode.com 1 Slash 2026-04-16 N/A
The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords by reading the username and password from the Referrer URL.
CVE-2002-1665 1 Yahoo 1 Messenger 2026-04-16 N/A
Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field.
CVE-2006-0088 1 Intouch 1 Intouch 2026-04-16 N/A
SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to execute arbitrary SQL commands via the user parameter.
CVE-2002-1535 1 Symantec 2 Enterprise Firewall, Raptor Firewall 2026-04-16 N/A
Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present.
CVE-2002-1544 1 Cooolsoft 1 Personal Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in CooolSoft Personal FTP Server 2.24 allows remote attackers to read or modify arbitrary files via .. (dot dot) sequences in the commands (1) LIST (ls), (2) mkdir, (3) put, or (4) get.
CVE-2002-1545 1 Cooolsoft 1 Personal Ftp Server 2026-04-16 N/A
CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response.
CVE-2006-1076 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter.
CVE-2002-2258 1 Mobydisk 1 Netsuite 2026-04-16 N/A
Moby NetSuite allows remote attackers to cause a denial of service (crash) via an HTTP POST request with a (1) large integer or (2) non-numeric value in the Content-Length header, which causes an access violation after a failed atoi function call.
CVE-2005-4845 1 Sun 1 Java Plug-in 2026-04-16 N/A
The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.
CVE-1999-0284 2 Ibm, Microsoft 2 Lotus Domino Mail Server, Exchange Server 2026-04-16 N/A
Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.
CVE-1999-0297 5 Bsdi, Freebsd, Netbsd and 2 more 5 Bsd Os, Freebsd, Netbsd and 2 more 2026-04-16 N/A
Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.
CVE-2000-0812 1 Sun 1 Java System Web Server 2026-04-16 N/A
The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.
CVE-1999-1198 1 Next 1 Next 2026-04-16 N/A
BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.