Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0045 2 Apache, Netscape 4 Http Server, Commerce Server, Communications Server and 1 more 2026-04-16 N/A
List of arbitrary files on Web host via nph-test-cgi script.
CVE-1999-0100 1 Isc 1 Inn 2026-04-16 N/A
Remote access in AIX innd 1.5.1, using control messages.
CVE-1999-0333 1 Hp 1 Hp-ux 2026-04-16 N/A
HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack.
CVE-1999-0444 1 Microsoft 3 Windows 95, Windows 98, Windows Nt 2026-04-16 N/A
Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.
CVE-1999-1552 1 Ibm 1 Aix 2026-04-16 N/A
dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and earlier does not properly check privileges, which allows local users to overwrite arbitrary files and gain privileges.
CVE-2000-0088 1 Microsoft 4 Office, Office Converter Pack, Powerpoint and 1 more 2026-04-16 N/A
Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.
CVE-2000-0439 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.
CVE-2000-0621 1 Microsoft 2 Outlook, Outlook Express 2026-04-16 N/A
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
CVE-2004-0437 1 South River Technologies 1 Titan Ftp Server 2026-04-16 N/A
Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket.
CVE-2004-2097 1 Suse 1 Suse Linux 2026-04-16 N/A
Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd.
CVE-2005-3887 1 Gadu-gadu 1 Gadu-gadu Instant Messenger 2026-04-16 N/A
Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of AUX: sent twice (hang), or (2) write to the LPT1 port via a filename of "LPT1:".
CVE-2006-2638 1 Qjstudios 1 Qjforum 2026-04-16 N/A
SQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter.
CVE-2006-2641 1 John Frank 1 Asset Manager 2026-04-16 N/A
** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE.
CVE-2006-2650 1 Cosmicphp 1 Cosmicshoppingcart 2026-04-16 N/A
SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter.
CVE-2006-2651 1 Vacation Rentals 1 Vacation Rental Script 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj parameter.
CVE-2002-0313 1 Essen 1 Essentia Web Server 2026-04-16 N/A
Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long URL.
CVE-2003-1325 1 Valve Software 1 Half-life Cstrike Dedicated Server 2026-04-16 N/A
The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a certain connection string to UDP port 27015 that represents "absence of player informations," a related issue to CVE-2006-0734.
CVE-2005-3340 1 New Breed Software 1 Tux Paint 2026-04-16 N/A
The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and earlier creates temporary files insecurely, with unknown impact and attack vectors.
CVE-2005-3757 1 Google 2 Mini Search Appliance, Search Appliance 2026-04-16 N/A
The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.
CVE-2006-0310 1 Mike Helton 1 Aoblogger 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag.