Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2131 1 Ibm 2 Informix Dynamic Server, Informix Extended Parallel Server 2026-04-16 N/A
Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.
CVE-2000-0252 1 Craig Dansie 1 Dansie Shopping Cart 2026-04-16 N/A
The dansie shopping cart application cart.pl allows remote attackers to execute commands via a shell metacharacters in a form variable.
CVE-2004-1485 2 Gnu, Tftp 2 Inetutils, Tftp 2026-04-16 N/A
Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function.
CVE-2000-0253 1 Craig Dansie 1 Dansie Shopping Cart 2026-04-16 N/A
The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields.
CVE-2002-1832 1 Scaramanga 1 Firestorm Ids 2026-04-16 N/A
Unknown vulnerability in the "ipopts decode" functionality in Firestorm IDS 0.4.0 through 0.4.2 allows remote attackers to cause a denial of service (crash) via certain IP options.
CVE-2004-0551 1 Cisco 24 Catalyst 2901, Catalyst 2902, Catalyst 2926 and 21 more 2026-04-16 N/A
Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the three-way handshake to the (1) Telnet, (2) HTTP, or (3) SSH services, aka "TCP-ACK DoS attack."
CVE-2000-0254 1 Craig Dansie 1 Dansie Shopping Cart 2026-04-16 N/A
The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.
CVE-2002-1833 1 Xerox 2 Docutech 6110, Docutech 6115 2026-04-16 N/A
The default configurations for DocuTech 6110 and DocuTech 6115 have a default administrative password of (1) "service!" on Solaris 8.0 or (2) "administ" on Windows NT, which allows remote attackers to gain privileges.
CVE-2004-0552 1 Sophos 1 Small Business Suite 2026-04-16 N/A
Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.
CVE-2004-1486 1 Hp 2 Cluster Object Manager, Serviceguard 2026-04-16 N/A
Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and Cluster Object Manager A.01.03 and B.01.04 through B.03.00.01 on HP-UX, Serviceguard A.11.14.04 and A.11.15.04 and Cluster Object Manager B.02.01.02 and B.02.02.02 on HP Linux, allow remote attackers to gain privileges via unknown attack vectors.
CVE-2004-2132 1 Pj Cgi Neo Review 1 Pj Cgi Neo Review 2026-04-16 N/A
Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo review allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter.
CVE-2004-2373 1 Aol 1 Instant Messenger 2026-04-16 N/A
The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations.
CVE-2000-0266 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.
CVE-2002-1834 1 Xerox 2 Docutech 6110, Docutech 6115 2026-04-16 N/A
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 allows remote attackers to connect to the web server and (1) submit print jobs directly into the "print now" queue or (2) read the scanner job history.
CVE-2000-0267 1 Cisco 1 Catos 2026-04-16 N/A
Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password.
CVE-2002-1835 1 Xerox 2 Docutech 6110, Docutech 6115 2026-04-16 N/A
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 running Solaris 8.0 has a large number of unnecessary services enabled such as RPC and sprayd, which could allow remote attackers to obtain access to the device.
CVE-2004-0554 6 Avaya, Conectiva, Gentoo and 3 more 18 Converged Communications Server, Intuity Audix, Modular Messaging Message Storage Server and 15 more 2026-04-16 N/A
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
CVE-2004-1487 2 Gnu, Redhat 2 Wget, Enterprise Linux 2026-04-16 N/A
wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.
CVE-2004-2134 1 Oracle 1 Application Server 2026-04-16 N/A
Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords.
CVE-2005-0968 1 Broadcom 1 Etrust Intrusion Detection 2026-04-16 N/A
Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API.