Search Results (364230 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0841 1 Oracle 1 Peopletools 2026-04-16 N/A
The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request.
CVE-2006-0164 1 Woah-projekt 1 Phgstats 2026-04-16 N/A
phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.
CVE-2000-0641 1 Michael Lamont 1 Savant Webserver 2026-04-16 N/A
Savant web server allows remote attackers to execute arbitrary commands via a long GET request.
CVE-2003-0843 1 Dag Apt Repository 1 Mod Gzip 2026-04-16 N/A
Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
CVE-2000-0643 1 Itafrica 1 Webactive 2026-04-16 N/A
Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL.
CVE-2003-0844 1 Schroepl 1 Mod Gzip 2026-04-16 7.1 High
mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
CVE-2004-1038 1 Ieee 1 Firewire Ieee 2026-04-16 N/A
A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: this was reported in 2008 to affect Windows Vista, but some Linux-based operating systems have protection mechanisms against this attack.
CVE-2000-0644 1 Texas Imperial Software 1 Wftpd 2026-04-16 N/A
WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing.
CVE-2003-0845 2 Jboss, Redhat 2 Jboss, Enterprise Linux 2026-04-16 N/A
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
CVE-2000-0645 1 Texas Imperial Software 1 Wftpd 2026-04-16 N/A
WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE).
CVE-2000-0648 1 Texas Imperial Software 1 Wftpd 2026-04-16 N/A
WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command.
CVE-2000-0650 1 Network Associates 2 Netshield, Virusscan 2026-04-16 N/A
The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.
CVE-2000-0654 1 Microsoft 1 Sql Server 2026-04-16 N/A
Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability.
CVE-2000-0659 1 Analogx 1 Proxy 2026-04-16 N/A
Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long user ID in a SOCKS4 CONNECT request.
CVE-2000-0671 1 Roxen 1 Webserver 2026-04-16 N/A
Roxen web server earlier than 2.0.69 allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL.
CVE-2003-0848 2 Redhat, Slocate 3 Enterprise Linux, Linux, Slocate 2026-04-16 N/A
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
CVE-2004-1043 1 Microsoft 2 Internet Explorer, Windows Xp 2026-04-16 N/A
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
CVE-2000-0673 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.
CVE-2003-0850 2 Dug Song, Rafal Wojtczuk 2 Dsniff, Libnids 2026-04-16 N/A
The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause "memory corruption" and possibly execute arbitrary code via "overlarge TCP packets."
CVE-2000-0674 1 Virtual Vision 1 Ftp Browser 2026-04-16 N/A
ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack.