Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2308 1 Cpanel 1 Cpanel 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.
CVE-2004-2617 1 Pegasi Web Server 1 Pegasi Web Server 2026-04-16 N/A
Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/' (slash) in the URI.
CVE-2004-2309 1 Crob 1 Crob Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command.
CVE-2001-1397 2 Linux, Redhat 2 Linux Kernel, Linux 2026-04-16 N/A
The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory.
CVE-2004-2621 1 Nortel 1 Contivity 2026-04-16 N/A
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack.
CVE-2004-2326 1 Ip3 Networks 3 Ip3 Netaccess, Ip3 Netaccess - Hospitality, Ip3 Netaccess - Wireless Hotspots 2026-04-16 N/A
SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. NOTE: this issue was later reported to also affect firmware 4.0.34.
CVE-2001-1418 1 Aol 1 Instant Messenger 2026-04-16 N/A
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file.
CVE-2001-0862 1 Cisco 1 12000 Router 2026-04-16 N/A
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.
CVE-2001-1427 1 Macromedia 1 Coldfusion 2026-04-16 N/A
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.
CVE-2000-0883 1 Mandrakesoft 1 Mandrake Linux 2026-04-16 N/A
The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
CVE-2001-0870 2 Alchemy Lab, Dek Software 2 Alchemy Eye, Alchemy Network Monitor 2026-04-16 N/A
HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file.
CVE-2004-2329 1 Kerio 1 Personal Firewall 2026-04-16 N/A
Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box.
CVE-2000-0891 1 Ibm 1 Lotus Notes 2026-04-16 N/A
A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email.
CVE-2004-1055 2 Gentoo, Phpmyadmin 2 Linux, Phpmyadmin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
CVE-2004-2330 1 Macromedia 1 Coldfusion 2026-04-16 N/A
ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields.
CVE-2000-0870 1 Khamil Landross And Zack Jones 1 Eftp 2026-04-16 N/A
Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string.
CVE-2000-0900 1 Acme Labs 1 Thttpd 2026-04-16 N/A
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.
CVE-2004-2628 1 Acme Labs 1 Thttpd 2026-04-16 N/A
Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:").
CVE-2000-0908 1 Netcplus 1 Browsegate 2026-04-16 N/A
BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request.
CVE-2004-2335 1 Macromedia 2 Contribute, Studio 2026-04-16 N/A
The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program.