Export limit exceeded: 363531 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363531 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0835 4 Debian, Mysql, Oracle and 1 more 5 Debian Linux, Mysql, Mysql and 2 more 2026-04-16 N/A
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
CVE-2003-0468 3 Conectiva, Redhat, Wietse Venema 3 Linux, Linux, Postfix 2026-04-16 N/A
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
CVE-2001-1004 1 Gnutella 1 Gnutella Client 2026-04-16 N/A
Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags.
CVE-2001-1003 1 Webct 1 Respondus 2026-04-16 N/A
Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges.
CVE-2000-0913 1 Apache 1 Http Server 2026-04-16 N/A
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
CVE-2002-1705 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight.
CVE-2001-1002 1 Redhat 1 Linux 2026-04-16 N/A
The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.
CVE-2001-1000 1 Merit 1 Aaa Radius Server 2026-04-16 N/A
rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and possibly other versions, allows local users to read arbitrary files via a symlink attack on the rlmadmin.help file.
CVE-2004-2233 1 Moodle 1 Moodle 2026-04-16 N/A
Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors.
CVE-2004-0281 1 Caucho 1 Resin 2026-04-16 N/A
Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows.
CVE-2004-0989 5 Redhat, Trustix, Ubuntu and 2 more 7 Enterprise Linux, Fedora Core, Secure Linux and 4 more 2026-04-16 N/A
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
CVE-2005-4516 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 through 6.00.300 allow remote attackers to inject arbitrary web script or HTML via (1) the sortby parameter in members.php and (2) IMG tags.
CVE-2005-4522 1 Mantis 1 Mantis 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.
CVE-2005-4532 1 Scponly 1 Scponly 2026-04-16 N/A
scponlyc in scponly 4.1 and earlier, when the operating system supports LD_PRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LD_PRELOAD to modify expected function calls in the setuid application.
CVE-2005-4546 1 Epic Designs 1 Eggblog 2026-04-16 N/A
search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability.
CVE-2005-4555 1 Dev 1 Dev Web Management System 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in add.php in DEV web management system 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ENTER_ARTICLE_TITLE, (2) SPECIFY_ZONE, (3) ENTER_ARTICLE_HEADER, and (4) ENTER_ARTICLE_BODY indices in the language array parameter.
CVE-2006-0059 1 Livedata 1 Iccp Server 2026-04-16 N/A
Heap-based buffer overflow in the ISO Transport Service over TCP (RFC 1006) implementation of LiveData ICCP Server before 5.00.035 allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets.
CVE-2006-1856 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions.
CVE-2004-1674 2 Icewarp, Merak 2 Web Mail, Mail Server 2026-04-16 N/A
viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter.
CVE-2006-2459 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.