Export limit exceeded: 344947 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344947 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0703 | 1 Larry Wall | 1 Perl | 2026-04-16 | N/A |
| suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence. | ||||
| CVE-2006-3785 | 1 Symantec | 1 Pcanywhere | 2026-04-16 | N/A |
| Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin. | ||||
| CVE-2006-3786 | 1 Symantec | 1 Pcanywhere | 2026-04-16 | N/A |
| Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag. | ||||
| CVE-1999-0041 | 5 Cray, Gnu, Ibm and 2 more | 6 Unicos, Unicos Max, Libc and 3 more | 2026-04-16 | N/A |
| Buffer overflow in NLS (Natural Language Service). | ||||
| CVE-1999-1046 | 1 Ipswitch | 1 Imail | 2026-04-16 | N/A |
| Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181. | ||||
| CVE-2006-3787 | 1 Kerio | 1 Personal Firewall | 2026-04-16 | N/A |
| kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread. | ||||
| CVE-2006-3788 | 1 Ufo2000 | 1 Ufo2000 | 2026-04-16 | N/A |
| Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via (1) a long unit name in Net::recv_add_unit,; (2) large values to Net::recv_rules, Net::recv_select_unit, Net::recv_options, and Net::recv_unit_data; and (3) a large mapdata GEODATA structure in Net::recv_map_data. | ||||
| CVE-2006-3790 | 1 Ufo2000 | 1 Ufo2000 | 2026-04-16 | N/A |
| The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a keysize or valsize that is inconsistent with the packet size, which leads to a buffer over-read. | ||||
| CVE-1999-0045 | 2 Apache, Netscape | 4 Http Server, Commerce Server, Communications Server and 1 more | 2026-04-16 | N/A |
| List of arbitrary files on Web host via nph-test-cgi script. | ||||
| CVE-1999-1051 | 1 Matt Wright | 1 Formhandler.cgi | 2026-04-16 | N/A |
| Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter. | ||||
| CVE-2006-3791 | 1 Ufo2000 | 1 Ufo2000 | 2026-04-16 | N/A |
| The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a large keysize or valsize, which causes a crash when the resize function cannot allocate sufficient memory. | ||||
| CVE-2006-3792 | 1 Ufo2000 | 1 Ufo2000 | 2026-04-16 | N/A |
| SQL injection vulnerability in ServerClientUfo::recv_packet in server_protocol.cpp in UFO2000 svn 1057 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving the packet.c_str function. | ||||
| CVE-1999-1055 | 1 Microsoft | 1 Excel | 2026-04-16 | N/A |
| Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability." | ||||
| CVE-2006-3793 | 1 Sitedepth | 1 Sitedepth Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in constants.php in SiteDepth CMS 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SD_DIR parameter. | ||||
| CVE-1999-1057 | 1 Digital | 1 Vms | 2026-04-16 | N/A |
| VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command. | ||||
| CVE-2006-3794 | 1 Amazing Flash Commerce | 1 Afcommerce Shopping Cart | 2026-04-16 | N/A |
| SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, stating "if someone were to type in any sql injection code, that code would never be queried. | ||||
| CVE-1999-0046 | 10 Bsdi, Debian, Digital and 7 more | 10 Bsd Os, Debian Linux, Ultrix and 7 more | 2026-04-16 | N/A |
| Buffer overflow of rlogin program using TERM environmental variable. | ||||
| CVE-1999-1058 | 1 Arcane Software | 1 Vermillion Ftp Daemon | 2026-04-16 | N/A |
| Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via several long CWD commands. | ||||
| CVE-2000-0704 | 3 Freewnn, Omron, Wnn | 3 Freewnn, Worldview, Wnn4 | 2026-04-16 | N/A |
| Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands. | ||||
| CVE-2006-3795 | 1 Deluxebb | 1 Deluxebb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before 1.08 allow remote attackers to inject arbitrary web script or HTML via the (1) membercookie cookie in header.php and the (2) redirect parameter in misc.php. | ||||