Search Results (363303 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1529 1 Ibm 1 Aix 2026-04-16 N/A
Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is not clear if this is the same issue as CVE-2001-0779.
CVE-2004-0089 1 Apple 1 Mac Os X 2026-04-16 N/A
Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable.
CVE-2003-0213 1 Poptop 1 Pptp Server 2026-04-16 N/A
ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.
CVE-2003-0075 1 Bladeenc 1 Bladeenc 2026-04-16 N/A
Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk.
CVE-2001-1525 1 Easyscripts 1 Easynews 2026-04-16 N/A
Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a ".." in the cid parameter.
CVE-2001-1524 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.
CVE-2004-0083 3 Openbsd, Redhat, Xfree86 Project 4 Openbsd, Enterprise Linux, Linux and 1 more 2026-04-16 N/A
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
CVE-2001-1523 1 Dmozgateway 1 Dmozgateway 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter.
CVE-2004-0078 2 Mutt, Redhat 3 Mutt, Enterprise Linux, Linux 2026-04-16 N/A
Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.
CVE-2001-1522 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message.
CVE-2004-1940 1 Wirlab 1 Kphone 2026-04-16 N/A
sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a STUN response packet with a large attrLen value that causes an out-of-bounds read.
CVE-2003-0074 1 Plptools 1 Plptools 2026-04-16 N/A
Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog.
CVE-2004-0077 4 Linux, Netwosix, Redhat and 1 more 9 Linux Kernel, Netwosix Linux, Bigmem Kernel and 6 more 2026-04-16 N/A
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.
CVE-2001-1519 1 Microsoft 1 Windows 2000 2026-04-16 N/A
RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it
CVE-2001-1518 1 Microsoft 1 Windows 2000 2026-04-16 N/A
RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.
CVE-2004-0073 1 Stoitsov 1 Easydynamicpages 2026-04-16 N/A
PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script.
CVE-2002-1867 1 Bizdesign 1 Imagefolio 2026-04-16 N/A
The default configuration of BizDesign ImageFolio 2.23 through 2.26 does not control access to (1) admin/setup.cgi, which allows remote attackers to create an administrative account, or (2) admin/nph-build.cgi, which allows remote attackers to cause a denial of service (CPU consumption).
CVE-2001-1515 1 Microsoft 1 Windows 2000 2026-04-16 7.5 High
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.
CVE-2004-0072 1 Accipiter 1 Accipiter Direct Server 2026-04-16 N/A
Directory traversal vulnerability in Accipiter Direct Server 6.0 allows remote attackers to read arbitrary files via encoded \.. (backslash .., "%5c%2e%2e") sequences in an HTTP request.
CVE-2002-1841 1 Noguska 1 Nola 2026-04-16 N/A
The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.