Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1467 1 Egroupware 1 Egroupware 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module.
CVE-2001-0650 1 Cisco 1 Ios 2026-04-16 N/A
Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute.
CVE-2001-0653 2 Redhat, Sendmail 2 Linux, Sendmail 2026-04-16 N/A
Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.
CVE-2001-0649 1 Apple 1 Personal Web Sharing 2026-04-16 N/A
Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial of service via a long HTTP request.
CVE-2003-1170 1 Gernot Stocker 1 Kpopup 2026-04-16 N/A
Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments.
CVE-2002-1067 1 Seh 1 Ic9 Pocket Print Server Firmware 2026-04-16 N/A
Administrative web interface for IC9 Pocket Print Server Firmware 7.1.30 and 7.1.36f allows remote attackers to cause a denial of service (reboot and reset) via a long password, possibly due to a buffer overflow.
CVE-2001-0676 1 Ritlabs 1 The Bat 2026-04-16 N/A
Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f and earlier allows a remote attacker to create arbitrary files via a "dot dot" attack in the filename for an attachment.
CVE-2002-1068 1 D-link 1 Dp-303 2026-04-16 N/A
The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request.
CVE-2001-0705 1 Arcadia 1 Arcadia Internet Store 2026-04-16 N/A
Directory traversal vulnerability in tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to read arbitrary files on the web server via a URL with "dot dot" sequences in the template argument.
CVE-2002-1075 1 David Harris 1 Pegasus Mail 2026-04-16 N/A
Buffer overflow in Pegasus mail client 4.01 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) To or (2) From headers.
CVE-2001-0731 2 Apache, Redhat 3 Http Server, Linux, Secure Web Server 2026-04-16 N/A
Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
CVE-2004-2561 1 Internet Sofware Sciences 1 Web\+center 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Internet Software Sciences Web+Center 4.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the ISS_TECH_CENTER_LOGIN cookie in search.asp and (2) one or more cookies in DoCustomerOptions.asp.
CVE-2002-2074 1 Erwin Lansing 1 Mailidx 2026-04-16 N/A
SQL injection vulnerability in Mailidx before 20020105 allows remote attackers to execute arbitrary SQL commands via the search web page.
CVE-2003-0047 1 Van Dyke Technologies 3 Entunnel, Securecrt, Securefx 2026-04-16 N/A
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
CVE-2002-1087 1 Visualshapers 1 Ezcontents 2026-04-16 N/A
The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.php for ezContents 1.41 and earlier do not check credentials, which allows remote attackers to create or delete directories and upload files via a direct HTTP POST request.
CVE-2002-1462 1 Organicphp 1 Php-affiliate 2026-04-16 N/A
details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields.
CVE-2003-1269 1 An 1 An-http 2026-04-16 N/A
AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message.
CVE-2003-1278 1 Infopop 1 Opentopic 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags.
CVE-2001-0792 1 Xchat 1 Xchat 2026-04-16 N/A
Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname.
CVE-2003-1280 1 Eekim 1 Cgihtml 2026-04-16 N/A
Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a .. (dot dot) in multipart/form-data uploads.