Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0144 1 Axis 1 700 Network Document Server 2026-04-16 N/A
Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.
CVE-2000-0161 1 Microsoft 1 Site Server 2026-04-16 N/A
Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands.
CVE-2000-0175 1 Sun 1 Staroffice 2026-04-16 N/A
Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command.
CVE-2000-0176 1 Cat Soft 1 Serv-u 2026-04-16 N/A
The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist.
CVE-2000-0177 1 Dnstools Software 1 Dnstools 2026-04-16 N/A
DNSTools CGI applications allow remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2000-0180 1 Generation Terrorists Designs And Concepts 1 Sojourn 2026-04-16 N/A
Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2005-3075 1 Mpc-donkey 1 Zengaia 2026-04-16 N/A
SQL injection vulnerability in Zengaia before 0.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2005-4010 1 Sensation Designs 1 Kbase Express 2026-04-16 N/A
SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php.
CVE-2000-0186 4 Freebsd, Mandrakesoft, Redhat and 1 more 4 Freebsd, Mandrake Linux, Linux and 1 more 2026-04-16 N/A
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
CVE-2000-0382 1 Allaire 1 Clustercats 2026-04-16 N/A
ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site.
CVE-2000-0391 3 Cygnus, Mit, Redhat 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more 2026-04-16 N/A
Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.
CVE-2005-4091 1 1-script 1 1-search 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1-Search 1.8 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2000-0397 1 Seattle Lab Software 1 Emurl 2026-04-16 N/A
The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account.
CVE-2000-0411 1 Matt Wright 1 Formmail 2026-04-16 N/A
Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter.
CVE-2006-2964 1 Xtreme Scripts 1 Download Manager 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php.
CVE-2000-0413 1 Microsoft 3 Frontpage, Internet Information Server, Internet Information Services 2026-04-16 N/A
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
CVE-2005-4126 1 Realnetworks 1 Realplayer 2026-04-16 N/A
** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows attackers to execute arbitrary code. NOTE: the information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED.
CVE-2000-0418 1 Cayman 2 3220-h Dsl Router, Gatorsurf 2026-04-16 N/A
The Cayman 3220-H DSL router allows remote attackers to cause a denial of service via oversized ICMP echo (ping) requests.
CVE-2000-0427 1 Aladdin Knowledge Systems 1 Etoken 2026-04-16 N/A
The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM.
CVE-2000-0428 1 Trend Micro 1 Interscan Viruswall 2026-04-16 N/A
Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment.