Export limit exceeded: 364866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1679 1 Jigunet 2 Twinftp Enterprise, Twinftp Standard 2026-04-16 N/A
Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands.
CVE-2004-2240 1 Phorum 1 Phorum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php.
CVE-2001-0872 3 Openbsd, Redhat, Suse 3 Openssh, Linux, Suse Linux 2026-04-16 N/A
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
CVE-2001-0873 2 Ian Lance Taylor, Redhat 2 Taylor Uucp, Linux 2026-04-16 N/A
uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.
CVE-2004-0822 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable.
CVE-2001-0874 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability.
CVE-2001-0875 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
CVE-2003-0386 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2026-04-16 N/A
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.
CVE-2004-1681 1 Qnx 2 Photon Microgui, Rtp 2026-04-16 N/A
Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter.
CVE-2004-2244 1 Oracle 2 Application Server, Oracle9i 2026-04-16 N/A
The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD.
CVE-2001-0876 1 Microsoft 4 Windows 98, Windows 98se, Windows Me and 1 more 2026-04-16 N/A
Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.
CVE-2004-2250 1 Goosequill 1 Audienceconnect Remoteeditor 2026-04-16 N/A
Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions.
CVE-2004-2407 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality.
CVE-2003-0388 2 Andrew Morgan, Redhat 2 Linux Pam, Enterprise Linux 2026-04-16 N/A
pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.
CVE-2001-0879 1 Microsoft 4 Sql Server, Windows 2000, Windows Nt and 1 more 2026-04-16 N/A
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.
CVE-2003-0389 1 Rsa 1 Ace Agent 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script.
CVE-2004-1685 1 Smc Networks 2 Smc7004vwbr, Smc7008abr 2026-04-16 N/A
SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU running firmware 1.42.003 allow remote attackers to bypass authentication by connecting to it from the same IP address as the administrator who is logged in, then accessing the setup_status.htm or status.HTM pages.
CVE-2004-2254 1 Netwin 1 Surgeldap 2026-04-16 N/A
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
CVE-2004-2408 1 Vserver 1 Linux-vserver 2026-04-16 N/A
Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of service on other virtual servers or the host server.
CVE-2001-0938 1 Persits 1 Aspupload 2026-04-16 N/A
Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename parameter in (1) UploadScript11.asp or (2) DirectoryListing.asp.