Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-0350 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
CVE-2001-0352 2 3com, Symbol 2 3crwe747a, 41x1 Access Point 2026-04-16 N/A
SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point allow remote attackers to obtain the WEP encryption key by reading it from a MIB when the value should be write-only, via (1) dot11WEPDefaultKeyValue in the dot11WEPDefaultKeysTable of the IEEE 802.11b MIB, or (2) ap128bWepKeyValue in the ap128bWEPKeyTable in the Symbol MIB.
CVE-2003-1203 1 Mambo 1 Mambo Site Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter.
CVE-2001-0357 1 Matt Wright 1 Formmail 2026-04-16 N/A
FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.
CVE-2003-1204 1 Mambo 1 Mambo Site Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php.
CVE-2001-0370 1 Michael A. Gumienny 1 Fcheck 2026-04-16 N/A
fcheck prior to 2.57.59 calls the file signature checking program insecurely, which can allow a local user to run arbitrary commands via a file name that contains shell metacharacters.
CVE-2001-0371 1 Freebsd 1 Freebsd 2026-04-16 N/A
Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.
CVE-2003-1206 1 Crob 1 Crob Ftp Server 2026-04-16 N/A
Format string vulnerability in Crob FTP Server 2.60.1 allows remote attackers to cause a denial of service (crash) via "%s" or "%n" sequences in (1) the username during login, or other FTP commands such as (2) dir.
CVE-2001-0377 1 Infradig 1 Inframail 2026-04-16 N/A
Infradig Inframail prior to 3.98a allows a remote attacker to create a denial of service via a malformed POST request which includes a space followed by a large string.
CVE-2001-0392 1 Navision 1 Financials Server 2026-04-16 N/A
Navision Financials Server 2.60 and earlier allows remote attackers to cause a denial of service by sending a null character and a long string to the server port (2407), which causes the server to crash.
CVE-2003-1213 1 Maxwebportal 1 Maxwebportal 2026-04-16 N/A
The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb.
CVE-2003-1252 1 Kelli Shaver 1 S8forum 2026-04-16 N/A
register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using a "system($cmd)" E-mail address with a "any_name.php" username.
CVE-2001-0555 1 Screaming Media 1 Siteware 2026-04-16 N/A
ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.
CVE-2001-0560 2 Paul Vixie, Redhat 2 Vixie Cron, Linux 2026-04-16 N/A
Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).
CVE-2001-0561 1 Drummond Miles 1 A1stats 2026-04-16 N/A
Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi.
CVE-2005-3941 1 Greywyvern 1 Orca Blog 2026-04-16 N/A
SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter.
CVE-2001-0574 1 Jason Rahaim 1 Mp3mystic 2026-04-16 N/A
Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows a remote attacker to download arbitrary files via a '..' (dot dot) in the URL.
CVE-2003-1254 1 Active Php Bookmarks 1 Active Php Bookmarks 2026-04-16 N/A
Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute arbitrary PHP code via (1) head.php, (2) apb_common.php, or (3) apb_view_class.php by modifying the APB_SETTINGS parameter to reference a URL on a remote web server that contains the code.
CVE-2001-0587 1 Sco 1 Openserver 2026-04-16 N/A
deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.
CVE-2003-1261 1 Globalscape 1 Cuteftp 2026-04-16 N/A
Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a denial of service (crash) by copying a long URL into a clipboard.