Search Results (362972 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0048 1 Corel 1 Linux 2026-04-16 N/A
get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program.
CVE-2003-0620 1 Andries Brouwer 1 Man 2026-04-16 N/A
Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable.
CVE-2000-0049 1 Nullsoft 1 Winamp 2026-04-16 N/A
Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file.
CVE-2003-0623 1 Bea 2 Tuxedo, Weblogic Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument.
CVE-2000-0052 3 Mandrakesoft, Redhat, Turbolinux 3 Mandrake Linux, Linux, Turbolinux 2026-04-16 N/A
Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.
CVE-2003-0628 1 Peoplesoft 1 Peopletools 2026-04-16 N/A
PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value.
CVE-2000-0061 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading.
CVE-2003-0631 1 Vmware 2 Gsx Server, Workstation 2026-04-16 N/A
VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session.
CVE-2000-0067 1 Cybercash 1 Merchant Connection Kit 2026-04-16 N/A
CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack.
CVE-2003-0636 1 Novell 1 Ichain 2026-04-16 N/A
Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites.
CVE-2000-0077 1 Hp 1 Hp-ux 2026-04-16 N/A
The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.
CVE-2000-0078 1 Hp 1 Hp-ux 2026-04-16 N/A
The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.
CVE-2003-0638 1 Novell 1 Ichain 2026-04-16 N/A
Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script against login."
CVE-2000-0079 1 W3c 1 Cern Httpd 2026-04-16 N/A
The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL.
CVE-2003-0641 1 Watchguard 1 Serverlock 2026-04-16 N/A
WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess() function, as demonstrated using (1) a DLL injection attack, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess.
CVE-2000-0084 1 Globalscape 1 Cuteftp 2026-04-16 N/A
CuteFTP uses weak encryption to store password information in its tree.dat file.
CVE-2004-1019 5 Openpkg, Php, Redhat and 2 more 7 Openpkg, Php, Enterprise Linux and 4 more 2026-04-16 N/A
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.
CVE-2000-0085 1 Microsoft 1 Hotmail 2026-04-16 N/A
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag.
CVE-2003-0646 1 Trend Micro 2 Damage Cleanup Server, Housecall 2026-04-16 N/A
Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings.
CVE-2000-0092 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2026-04-16 N/A
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.