Search Results (363290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1494 3 Avaya, Kernel, Redhat 8 Cvlan, Integrated Management Suit, Interactive Response and 5 more 2026-04-16 5.5 Medium
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
CVE-2004-0066 1 Phpgedview 1 Phpgedview 2026-04-16 N/A
phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php.
CVE-2001-1483 1 Nrl.navy 1 One-time Passwords In Everything 2026-04-16 N/A
One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist.
CVE-2004-0065 1 Phpgedview 1 Phpgedview 2026-04-16 N/A
Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php.
CVE-2001-1474 1 Ssh 1 Ssh 2026-04-16 N/A
SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache.
CVE-2001-1473 1 Ssh 1 Ssh 2026-04-16 N/A
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
CVE-2004-0063 1 Ncipher 1 Payshield Spp Library 2026-04-16 N/A
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.
CVE-2001-1468 1 Secure Reality 1 Phpsecurepages 2026-04-16 N/A
PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code.
CVE-2001-1467 1 Don Libes 1 Expect 2026-04-16 N/A
mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.
CVE-2006-4662 1 Mirabilis 1 Icq 2026-04-16 N/A
Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type.
CVE-2004-0062 1 Fishnet 1 Fishcart 2026-04-16 N/A
Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity.
CVE-2001-1465 1 Surfcontrol 1 Superscout Web Filter 2026-04-16 N/A
SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements.
CVE-2001-1462 1 Rsa 1 Securid 2026-04-16 N/A
WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information.
CVE-2001-1085 1 Jon Zeeff 1 Lmail 2026-04-16 N/A
Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2001-1086 1 Xfree86 Project 1 X11r6 2026-04-16 N/A
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
CVE-2003-1448 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet.
CVE-2003-1451 1 Symantec 1 Norton Antivirus 2026-04-16 N/A
Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename.
CVE-2001-1088 1 Microsoft 2 Outlook, Outlook Express 2026-04-16 N/A
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
CVE-2003-1452 1 Qualcomm 1 Qpopper 2026-04-16 N/A
Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program.
CVE-2001-1090 1 Alessandro Gardich 1 Nss Postgresql 2026-04-16 N/A
nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request.