Search Results (364917 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2636 1 Rit Research Labs 1 Tinyweb 2026-04-16 N/A
TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL.
CVE-2004-1939 1 Rhinosoft 1 Zaep Antispam 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.
CVE-2001-1572 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets.
CVE-2003-0840 1 Hp 1 Hp-ux 2026-04-16 N/A
Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable.
CVE-2000-0588 1 Sawmill 1 Sawmill 2026-04-16 N/A
SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands.
CVE-2000-0585 1 Isc 1 Dhcp Client 2026-04-16 N/A
ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2006-3390 1 Wordpress 1 Wordpress 2026-04-16 N/A
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables.
CVE-2006-3389 1 Wordpress 1 Wordpress 2026-04-16 N/A
index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information.
CVE-2000-0583 1 Inter7 1 Vpopmail Vchkpw 2026-04-16 N/A
vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.
CVE-2000-0059 1 Php 1 Php 2026-04-16 N/A
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
CVE-2000-0577 1 Netscape 1 Professional Services Ftpserver 2026-04-16 N/A
Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0576 1 Oracle 1 Web Listener 2026-04-16 N/A
Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.
CVE-2000-0568 1 Sybergen 1 Secure Desktop 2026-04-16 N/A
Sybergen Secure Desktop 2.1 does not properly protect against false router advertisements (ICMP type 9), which allows remote attackers to modify default routes.
CVE-2002-0243 1 Opera Software 1 Opera Web Browser 2026-04-16 N/A
Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
CVE-2001-0301 2 Redhat, Stephen Turner 2 Secure Web Server, Analog 2026-04-16 N/A
Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings.
CVE-2000-0556 1 Computalynx 1 Cmail 2026-04-16 N/A
Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to cause a denial of service by sending a large user name to the user dialog running on port 8002.
CVE-2000-0544 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length.
CVE-2000-0539 1 Macromedia 1 Jrun 2026-04-16 N/A
Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet.
CVE-2004-2010 1 Phpshop 1 Phpshop 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a remote web server that contains phpshop.cfg.
CVE-2000-0527 1 3r Soft 1 Mailstudio 2000 2026-04-16 N/A
userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.