Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2367 1 Clansys 1 Clansys 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the func parameter in a search function.
CVE-2006-2575 1 Pyrosoft Inc 1 Netpanzer 2026-04-16 N/A
The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (crash) via a client flag (frameNum) that is greater than 41, which triggers an assert error.
CVE-2001-0689 1 Trend Micro 1 Virus Control System 2026-04-16 N/A
Vulnerability in TrendMicro Virus Control System 1.8 allows a remote attacker to view configuration files and change the configuration via a certain CGI program.
CVE-2004-1722 1 Merak 1 Mail Server 2026-04-16 N/A
SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter.
CVE-2006-3317 1 Spiffyjr 1 Phpraid 2026-04-16 N/A
PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116.
CVE-2001-0690 4 Conectiva, Debian, Redhat and 1 more 5 Linux, Debian Linux, Linux and 2 more 2026-04-16 N/A
Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.
CVE-2006-4226 3 Mysql, Oracle, Redhat 4 Mysql, Mysql, Enterprise Linux and 1 more 2026-04-16 N/A
MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
CVE-2001-0696 1 Netwin 1 Surgeftp 2026-04-16 N/A
NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con.
CVE-2001-0697 1 Netwin 1 Surgeftp 2026-04-16 N/A
NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.
CVE-2001-0698 1 Netwin 1 Surgeftp 2026-04-16 N/A
Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command.
CVE-2001-0700 1 W3m 1 W3m 2026-04-16 N/A
Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header.
CVE-2001-0701 1 Sun 1 Sunvts 2026-04-16 N/A
Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument.
CVE-2002-1855 1 Macromedia 1 Jrun 2026-04-16 N/A
Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2001-0705 1 Arcadia 1 Arcadia Internet Store 2026-04-16 N/A
Directory traversal vulnerability in tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to read arbitrary files on the web server via a URL with "dot dot" sequences in the template argument.
CVE-2001-0706 1 Maxum Development Corporation 1 Rumpus Ftp Server 2026-04-16 N/A
Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders.
CVE-1999-1033 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang.
CVE-2001-0712 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc.
CVE-2001-0713 1 Sendmail 1 Sendmail 2026-04-16 N/A
Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function.
CVE-2001-0714 1 Sendmail 1 Sendmail 2026-04-16 N/A
Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS option.
CVE-1999-1582 1 Cisco 1 Pix Firewall 2026-04-16 N/A
By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality.