Search Results (364952 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0502 1 Mcafee 1 Virusscan 2026-04-16 N/A
Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion.
CVE-2002-0092 2 Cvs, Redhat 2 Cvs, Linux 2026-04-16 N/A
CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.
CVE-2004-0916 1 Cabextract Project 1 Cabextract 2026-04-16 N/A
Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename.
CVE-2004-2192 1 Turbotraffictrader 1 Turbotraffictrader Php 2026-04-16 N/A
SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the ttt_admin parameter.
CVE-2000-1082 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-2004-0921 1 Apple 3 Mac Os X, Mac Os X Server, Quicktime 2026-04-16 N/A
AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts" via modified SessionDestroy packets.
CVE-2000-0507 1 Concatus 1 Imate Webmail Server 2026-04-16 N/A
Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command.
CVE-2004-0926 2 Apple, Easy Software Products 3 Mac Os X, Mac Os X Server, Cups 2026-04-16 N/A
Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image.
CVE-2004-2196 1 Zanfi Solutions 1 Zanfi Cms Lite 2026-04-16 N/A
Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others.
CVE-2000-1083 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-2002-0267 1 Sips 1 Sips 2026-04-16 N/A
preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file.
CVE-2001-1291 1 3com 2 Superstack Ii Ps Hub 40, Superstack Ii Ps Hub 40 Firmware 2026-04-16 9.8 Critical
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.
CVE-2001-0519 1 Aladdin Knowledge Systems 1 Esafe Gateway 2026-04-16 N/A
Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags.
CVE-2004-2106 1 Novell 1 Netware 2026-04-16 N/A
Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/.
CVE-2004-0812 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop 2026-04-16 N/A
Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with "setting up TSS limits," allows local users to cause a denial of service (crash) and possibly execute arbitrary code.
CVE-2000-0957 1 Pam Mysql 1 Pam Mysql 2026-04-16 N/A
The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes.
CVE-2000-0250 1 Qnx 1 Qnx 2026-04-16 N/A
The crypt function in QNX uses weak encryption, which allows local users to decrypt passwords.
CVE-2001-0496 2 Mandrakesoft, Redhat 2 Mandrake Linux, Linux 2026-04-16 N/A
kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges.
CVE-2000-0956 1 Carnegie Mellon University 1 Cyrus-sasl 2026-04-16 N/A
cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions.
CVE-2000-0955 1 Cisco 1 Virtual Central Office 4000 2026-04-16 N/A
Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges.