Export limit exceeded: 25863 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25863 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0047 | 1 Freeciv | 1 Freeciv | 2026-04-16 | N/A |
| packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values. | ||||
| CVE-2005-4875 | 1 Typo3 | 1 Typo3 | 2026-04-16 | N/A |
| TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables. | ||||
| CVE-2005-4849 | 1 Apache | 1 Derby | 2026-04-16 | N/A |
| Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2005-4846 | 1 Spey | 1 Spey | 2026-04-16 | N/A |
| Format string vulnerability in Logger.cc for Spey 0.3.3 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a syslog call. | ||||
| CVE-2005-4214 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined. | ||||
| CVE-2005-3946 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class. | ||||
| CVE-2006-3561 | 1 Bt | 1 Voyager 2091 Wireless Adsl Router | 2026-04-16 | N/A |
| BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c. | ||||
| CVE-2003-1365 | 1 Perl | 1 Cgi Lite | 2026-04-16 | N/A |
| The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs. | ||||
| CVE-2003-0904 | 1 Microsoft | 3 Exchange Server, Sharepoint Services, Windows Server 2003 | 2026-04-16 | N/A |
| Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed. | ||||
| CVE-2004-0840 | 1 Microsoft | 3 Exchange Server, Windows Server 2003, Windows Xp | 2026-04-16 | N/A |
| The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated. | ||||
| CVE-1999-0001 | 3 Bsdi, Freebsd, Openbsd | 3 Bsd Os, Freebsd, Openbsd | 2026-04-16 | N/A |
| ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets. | ||||
| CVE-1999-0059 | 1 Sgi | 1 Irix | 2026-04-16 | 7.3 High |
| IRIX fam service allows an attacker to obtain a list of all files on the server. | ||||
| CVE-1999-0867 | 1 Microsoft | 3 Commercial Internet System, Internet Information Server, Site Server | 2026-04-16 | N/A |
| Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. | ||||
| CVE-1999-0877 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME. | ||||
| CVE-1999-0918 | 1 Microsoft | 4 Windows 2000, Windows 95, Windows 98 and 1 more | 2026-04-16 | N/A |
| Denial of service in various Windows systems via malformed, fragmented IGMP packets. | ||||
| CVE-1999-0995 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request." | ||||
| CVE-1999-0999 | 1 Microsoft | 1 Sql Server | 2026-04-16 | N/A |
| Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet. | ||||
| CVE-2000-0132 | 1 Microsoft | 1 Virtual Machine | 2026-04-16 | N/A |
| Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function. | ||||
| CVE-2000-0258 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. | ||||
| CVE-2000-1117 | 1 Ibm | 1 Lotus Notes | 2026-04-16 | N/A |
| The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method. | ||||