Search Results (363151 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-0297 1 Dattaraj Rao 1 Simple Server 2026-04-16 N/A
Directory traversal vulnerability in Simple Server HTTPd 1.0 (originally Free Java Server) allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
CVE-2001-0310 1 Freebsd 1 Freebsd 2026-04-16 N/A
sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.
CVE-2003-1191 1 E107 1 E107 2026-04-16 N/A
chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded.
CVE-2001-0318 1 Proftpd Project 1 Proftpd 2026-04-16 N/A
Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
CVE-2003-1194 1 Booby 1 Booby 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 allows remote attackers to inject arbitrary web script or HTML via the error message.
CVE-2004-1077 1 Citrix 2 Metaframe Client, Program Neighborhood Agent 2026-04-16 N/A
Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive.
CVE-2001-0322 1 Microsoft 3 Internet Explorer, Outlook, Outlook Express 2026-04-16 N/A
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.
CVE-2003-1197 1 Ledscripts.com 1 Ledforums 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.com LedForums Beta 1 allows remote attackers to inject arbitrary web script or HTML via the (1) top_message parameter or (2) topic field of a new thread.
CVE-2004-1080 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Nt 2026-04-16 N/A
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
CVE-2001-0344 1 Microsoft 1 Sql Server 2026-04-16 N/A
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
CVE-2001-0347 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
CVE-2003-1199 1 Myproxy 1 Myproxy 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL.
CVE-2001-0350 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
CVE-2001-0352 2 3com, Symbol 2 3crwe747a, 41x1 Access Point 2026-04-16 N/A
SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point allow remote attackers to obtain the WEP encryption key by reading it from a MIB when the value should be write-only, via (1) dot11WEPDefaultKeyValue in the dot11WEPDefaultKeysTable of the IEEE 802.11b MIB, or (2) ap128bWepKeyValue in the ap128bWEPKeyTable in the Symbol MIB.
CVE-2003-1203 1 Mambo 1 Mambo Site Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter.
CVE-2001-0357 1 Matt Wright 1 Formmail 2026-04-16 N/A
FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.
CVE-2003-1204 1 Mambo 1 Mambo Site Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php.
CVE-2001-0361 2 Openbsd, Ssh 2 Openssh, Ssh 2026-04-16 N/A
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
CVE-2001-0370 1 Michael A. Gumienny 1 Fcheck 2026-04-16 N/A
fcheck prior to 2.57.59 calls the file signature checking program insecurely, which can allow a local user to run arbitrary commands via a file name that contains shell metacharacters.
CVE-2001-0371 1 Freebsd 1 Freebsd 2026-04-16 N/A
Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.