Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0488 1 Kerio 1 Kerio Mailserver 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module.
CVE-2001-1069 1 Adobe 1 Acrobat Reader 2026-04-16 N/A
libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior.
CVE-2004-2261 1 E107 1 E107 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions.
CVE-2004-0839 3 Avaya, Microsoft, Nortel 18 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 15 more 2026-04-16 N/A
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
CVE-2001-1070 1 Sage Software 1 Mas 200 2026-04-16 N/A
Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters.
CVE-2003-0489 1 Michael C. Toren 1 Tcptraceroute 2026-04-16 N/A
tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute.
CVE-2001-1071 1 Cisco 2 Catos, Ios 2026-04-16 N/A
Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements.
CVE-2001-1072 1 Apache 1 Http Server 2026-04-16 N/A
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
CVE-2001-1073 1 Webridge 1 Px Application Suite 2026-04-16 N/A
Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables (1) APPL_PHYSICAL_PATH, (2) PATH_TRANSLATED, and (3) LOCAL_ADDR.
CVE-2003-0500 1 Proftpd Project 1 Proftpd 2026-04-16 N/A
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
CVE-2003-0503 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument.
CVE-2001-1074 1 Webmin 1 Webmin 2026-04-16 N/A
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
CVE-2001-1075 1 Sun 1 Cobalt Raq 3i 2026-04-16 N/A
poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file.
CVE-2003-0513 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
CVE-2004-0841 2 Avaya, Microsoft 7 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 4 more 2026-04-16 N/A
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
CVE-2004-2263 1 Playsms 1 Playsms 2026-04-16 N/A
SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie.
CVE-2004-2413 1 Virtual Programming 1 Vp-asp 2026-04-16 N/A
SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 allows remote attackers to execute arbitrary SQL commands via the (1) Processed0 and (2) Processed1 parameters in a POST request to shopproductselect.asp.
CVE-2001-1076 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.
CVE-2004-2268 1 Pimentech 1 Pimengest2 2026-04-16 N/A
PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php.
CVE-1999-0808 1 Isc 1 Dhcp Client 2026-04-16 N/A
Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options.