Export limit exceeded: 25860 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25860 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-0456 | 1 Deerfield | 1 Visnetic Website | 2026-04-16 | N/A |
| VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe. | ||||
| CVE-2003-0795 | 4 Gnu, Quagga, Redhat and 1 more | 5 Zebra, Quagga, Enterprise Linux and 2 more | 2026-04-16 | N/A |
| The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. | ||||
| CVE-2003-0825 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Nt | 2026-04-16 | N/A |
| The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code. | ||||
| CVE-2003-1003 | 1 Cisco | 2 Pix Firewall, Pix Firewall Software | 2026-04-16 | N/A |
| Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. | ||||
| CVE-2003-1025 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | ||||
| CVE-2004-0243 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods. | ||||
| CVE-2004-0244 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet. | ||||
| CVE-2004-0276 | 1 Monkey-project | 1 Monkey | 2026-04-16 | N/A |
| The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field. | ||||
| CVE-2004-0294 | 1 Yabbforumsoftware | 1 Yet Another Bulletin Board | 2026-04-16 | N/A |
| YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack. | ||||
| CVE-2004-0778 | 2 Gnu, Redhat | 2 Cvs, Enterprise Linux | 2026-04-16 | N/A |
| CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned. | ||||
| CVE-2004-1428 | 1 Argosoft | 1 Ftp Server | 2026-04-16 | N/A |
| ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames. | ||||
| CVE-2004-1602 | 1 Proftpd | 1 Proftpd | 2026-04-16 | N/A |
| ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response. | ||||
| CVE-2004-1617 | 1 University Of Kansas | 1 Lynx | 2026-04-16 | N/A |
| Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value. | ||||
| CVE-2004-2252 | 1 Sophos | 1 Astaro Security Linux | 2026-04-16 | N/A |
| The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks. | ||||
| CVE-2005-0449 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function. | ||||
| CVE-2005-0492 | 1 Adobe | 1 Acrobat Reader | 2026-04-16 | N/A |
| Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node. | ||||
| CVE-2005-1330 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception. | ||||
| CVE-2005-1398 | 1 Phpcart | 1 Phpcart | 2026-04-16 | N/A |
| phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters. NOTE: it was later reported that 3.4 through 4.6.4 are also affected. | ||||
| CVE-2005-2036 | 1 Cool Cafe Chat | 1 Cool Cafe Chat | 2026-04-16 | N/A |
| modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value. | ||||
| CVE-2005-2177 | 2 Net-snmp, Redhat | 2 Net-snmp, Enterprise Linux | 2026-04-16 | N/A |
| Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop. | ||||