Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0426 | 1 Ultrascripts | 1 Ultraboard | 2026-04-16 | N/A |
| UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself. | ||||
| CVE-2000-0431 | 1 Sun | 2 Cobalt Raq 2, Cobalt Raq 3i | 2026-04-16 | N/A |
| Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files. | ||||
| CVE-2002-2152 | 1 Software602 | 1 602pro Lan Suite | 2026-04-16 | N/A |
| The Czech edition of Software602's Web Server before 2002.0.02.0916 allows remote attackers to gain administrator privileges via direct HTTP requests to the /admin/ directory, which is not password protected. | ||||
| CVE-2004-0658 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| Integer overflow in the hpsb_alloc_packet function (incorrectly reported as alloc_hpsb_packet) in IEEE 1394 (Firewire) driver 2.4 and 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via the functions (1) raw1394_write, (2) state_connected, (3) handle_remote_request, or (4) hpsb_make_writebpacket. | ||||
| CVE-2004-1564 | 1 W-agora | 1 W-agora | 2026-04-16 | N/A |
| CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter. | ||||
| CVE-2000-0432 | 1 Matt Kruse | 1 Calendar Script | 2026-04-16 | N/A |
| The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters. | ||||
| CVE-2002-2159 | 1 Linksys | 3 Befsr11, Befsr41, Befsru31 | 2026-04-16 | N/A |
| Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers to gain access. | ||||
| CVE-2004-0659 | 1 Mplayer | 1 Mplayer | 2026-04-16 | N/A |
| Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long file name. | ||||
| CVE-2004-1565 | 1 W-agora | 1 W-agora | 2026-04-16 | N/A |
| list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter. | ||||
| CVE-2004-2167 | 1 Latex2rtf | 1 Latex2rtf | 2026-04-16 | N/A |
| Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand. | ||||
| CVE-2000-0433 | 1 Suse | 1 Suse Linux | 2026-04-16 | N/A |
| The SuSE aaa_base package installs some system accounts with home directories set to /tmp, which allows local users to gain privileges to those accounts by creating standard user startup scripts such as profiles. | ||||
| CVE-2002-2168 | 1 Thorsten Korner | 1 123tkshop | 2026-04-16 | N/A |
| SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to execute arbitrary SQL queries via various programs including function_describe_item1.inc.php. | ||||
| CVE-2004-0660 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter. | ||||
| CVE-2004-2168 | 1 Baardsen Software | 1 Basomail Server | 2026-04-16 | N/A |
| BaSoMail 1.24 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections to TCP port (1) 25 (SMTP) or (2) 110 (POP3). | ||||
| CVE-2000-0434 | 1 Matthew Redman | 1 Allmanage | 2026-04-16 | N/A |
| The administrative password for the Allmanage web site administration software is stored in plaintext in a file which could be accessed by remote attackers. | ||||
| CVE-2002-2174 | 1 Software602 | 1 602pro Lan Suite | 2026-04-16 | N/A |
| The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number of outstanding connections to the local host, which allows remote attackers to create a denial of service (memory consumption) via a large number of connections. | ||||
| CVE-2004-2427 | 1 Axis | 14 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 11 more | 2026-04-16 | N/A |
| Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi. | ||||
| CVE-2006-0052 | 2 Gnu, Redhat | 2 Mailman, Enterprise Linux | 2026-04-16 | N/A |
| The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. | ||||
| CVE-2004-2429 | 1 Enderunix Software | 1 Spamguard | 2026-04-16 | N/A |
| Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline functions in parser.c, (3) loadconfig and (4) removespaces functions in loadconfig.c, and possibly (5) unspecified functions in functions.c. | ||||
| CVE-2006-3531 | 1 Pivot | 1 Pivot | 2026-04-16 | N/A |
| includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters. | ||||