Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0860 1 Php 1 Php 2026-04-16 N/A
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
CVE-2000-0868 2 Apache, Suse 2 Http Server, Suse Linux 2026-04-16 N/A
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
CVE-2002-0030 1 Adobe 2 Acrobat, Acrobat Reader 2026-04-16 N/A
The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.
CVE-2000-0117 1 Sun 3 Cobalt Raq, Cobalt Raq 2, Cobalt Raq 3i 2026-04-16 N/A
The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).
CVE-2000-0877 1 Ranson Johnson 1 Mailform 2026-04-16 N/A
mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.
CVE-2000-0122 1 Microsoft 1 Frontpage 2026-04-16 N/A
Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program.
CVE-2000-0878 1 Ranson Johnson 1 Mailto Cgi Script 2026-04-16 N/A
The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharacters in the emailadd form field.
CVE-2004-2595 1 Id Software 1 Quake Ii Server Linux 2026-04-16 N/A
Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data.
CVE-2000-0127 1 Progress 1 Webspeed 2026-04-16 N/A
The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll.
CVE-2006-3736 1 Mambo 1 Videodb 2026-04-16 N/A
PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2002-0341 1 Novell 1 Groupwise 2026-04-16 N/A
GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter.
CVE-2000-0250 1 Qnx 1 Qnx 2026-04-16 N/A
The crypt function in QNX uses weak encryption, which allows local users to decrypt passwords.
CVE-2000-0957 1 Pam Mysql 1 Pam Mysql 2026-04-16 N/A
The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes.
CVE-2004-0812 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop 2026-04-16 N/A
Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with "setting up TSS limits," allows local users to cause a denial of service (crash) and possibly execute arbitrary code.
CVE-2004-2106 1 Novell 1 Netware 2026-04-16 N/A
Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/.
CVE-2001-0519 1 Aladdin Knowledge Systems 1 Esafe Gateway 2026-04-16 N/A
Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags.
CVE-2002-0267 1 Sips 1 Sips 2026-04-16 N/A
preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file.
CVE-2000-0963 4 Freebsd, Gnu, Immunix and 1 more 4 Freebsd, Ncurses, Immunix and 1 more 2026-04-16 N/A
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.
CVE-2000-0964 1 Siemens 1 Hinet Lp 2026-04-16 N/A
Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
CVE-2004-2110 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.