Search Results (364866 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-1229 1 Id Software 1 Quake 2 Server 2026-04-16 N/A
Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.
CVE-2003-0489 1 Michael C. Toren 1 Tcptraceroute 2026-04-16 N/A
tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute.
CVE-2004-0831 1 Mcafee 1 Virusscan 2026-04-16 N/A
McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the "System Scan" properties of the System Tray applet, which could allow local users to gain privileges.
CVE-1999-1231 1 Ssh 1 Ssh2 2026-04-16 N/A
ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server.
CVE-1999-1233 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.
CVE-1999-1235 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link.
CVE-1999-1239 1 Hp 1 Hp-ux 2026-04-16 N/A
HP-UX 9.x does not properly enable the Xauthority mechanism in certain conditions, which could allow local users to access the X display even when they have not explicitly been authorized to do so.
CVE-2003-0490 1 Dantz 1 Retrospect Client 2026-04-16 N/A
The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs with malicious code.
CVE-1999-1248 1 Hp 1 Hp-ux 2026-04-16 N/A
Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through 9.0 allows local users to gain privileges.
CVE-2003-0492 1 Snitz Communications 1 Snitz Forums 2000 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter.
CVE-1999-1249 1 Hp 1 Hp-ux 2026-04-16 N/A
movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.
CVE-1999-1253 1 Sco 2 Internet Faststart, Openserver 2026-04-16 N/A
Vulnerability in a kernel error handling routine in SCO OpenServer 5.0.2 and earlier, and SCO Internet FastStart 1.0, allows local users to gain root privileges.
CVE-2003-0494 1 Snitz Communications 1 Snitz Forums 2000 2026-04-16 N/A
password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id.
CVE-1999-1257 1 Xyplex 1 Maxserver Xyplex Terminal Server 2026-04-16 N/A
Xyplex terminal server 6.0.1S1, and possibly other versions, allows remote attackers to bypass the password prompt by entering (1) a CTRL-Z character, or (2) a ? (question mark).
CVE-2003-0500 1 Proftpd Project 1 Proftpd 2026-04-16 N/A
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
CVE-1999-1260 1 Hughes 1 Msql 2026-04-16 N/A
mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive server information such as logged users, database names, and server version via the ServerStats query.
CVE-2003-0501 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Linux 2026-04-16 N/A
The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries.
CVE-1999-1263 1 Metamail Corporation 1 Metamail 2026-04-16 N/A
Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file.
CVE-2003-0502 1 Apple 1 Darwin Streaming Server 2026-04-16 N/A
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421.
CVE-1999-1268 1 Kde 1 Kde 2026-04-16 N/A
Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices.