Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0180 1 Generation Terrorists Designs And Concepts 1 Sojourn 2026-04-16 N/A
Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2005-3075 1 Mpc-donkey 1 Zengaia 2026-04-16 N/A
SQL injection vulnerability in Zengaia before 0.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2005-4010 1 Sensation Designs 1 Kbase Express 2026-04-16 N/A
SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php.
CVE-2000-0186 4 Freebsd, Mandrakesoft, Redhat and 1 more 4 Freebsd, Mandrake Linux, Linux and 1 more 2026-04-16 N/A
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
CVE-2000-0187 1 Alex Heiphetz Group 1 Ezshopper 2026-04-16 N/A
EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters.
CVE-2005-4021 1 Gallery Project 1 Gallery 2026-04-16 N/A
The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
CVE-2000-0189 1 Allaire 1 Coldfusion Server 2026-04-16 N/A
ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.
CVE-2000-0197 1 Microsoft 1 Windows Nt 2026-04-16 N/A
The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a Trojan horse batch file in place of the original batch file.
CVE-2000-0199 1 Microsoft 1 Sql Server 2026-04-16 N/A
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.
CVE-2005-4022 1 Gallery Project 1 Gallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
CVE-2000-0214 1 Ftpx 1 Ftp Explorer 2026-04-16 N/A
FTP Explorer uses weak encryption for storing the username, password, and profile of FTP sites.
CVE-2000-0228 1 Microsoft 1 Windows Media Rights Manager 2026-04-16 N/A
Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability.
CVE-2000-0230 2 Halloween, Redhat 2 Halloween Linux, Linux 2026-04-16 N/A
Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.
CVE-2005-4029 1 Esi Products 1 Webeoc 2026-04-16 N/A
WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods.
CVE-2000-0239 1 Atrium Software 3 Mercur Imap4 Server, Mercur Mailserver, Mercur Pop3 Server 2026-04-16 N/A
Buffer overflow in the MERCUR WebView WebMail server allows remote attackers to cause a denial of service via a long mail_user parameter in the GET request.
CVE-2000-0240 1 Vqsoft 1 Vqserver 2026-04-16 N/A
vqSoft vqServer program allows remote attackers to read arbitrary files via a /........../ in the URL, a variation of a .. (dot dot) attack.
CVE-2000-0251 1 Hp 2 Hp-ux, Vvos 2026-04-16 N/A
HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses.
CVE-2005-4031 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.
CVE-2000-0253 1 Craig Dansie 1 Dansie Shopping Cart 2026-04-16 N/A
The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields.
CVE-2005-3113 1 Nateon 1 Nateon Messenger 2026-04-16 N/A
The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) allows remote attackers to download and execute arbitrary programs by setting the arguments to the GotNate.Excute method.