Export limit exceeded: 29918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29918 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2103 | 1 Novell | 1 Netware | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request for a Perl program with script in the filename, (2) the User.id parameter to the webacc servlet, (3) the GWAP.version parameter to webacc, or (4) a URL request for a .bas file with script in the filename. | ||||
| CVE-2004-2104 | 1 Novell | 1 Netware | 2026-04-16 | N/A |
| Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm. | ||||
| CVE-2006-4852 | 1 Quadcomm | 1 Q-shop | 2026-04-16 | N/A |
| SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter. | ||||
| CVE-2006-4907 | 1 Ohio State University | 1 Osu Httpd | 2026-04-16 | N/A |
| OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-existent file, which displays the web root path in the resulting error message. | ||||
| CVE-2006-4922 | 1 Siteatschool | 1 Siteatschool | 2026-04-16 | N/A |
| Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions. | ||||
| CVE-1999-1492 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows local attacker to create arbitrary root owned files, leading to root privileges. | ||||
| CVE-2000-0884 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. | ||||
| CVE-2000-1177 | 1 Bb4 | 1 Big Brother Network Monitor | 2026-04-16 | N/A |
| bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and bb-ack.sh in Big Brother (BB) before 1.5d3 allows remote attackers to determine the existence of files and user ID's by specifying the target file in the HISTFILE parameter. | ||||
| CVE-2001-0097 | 1 Infinite | 1 Infinite Interchange | 2026-04-16 | N/A |
| The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service (application crash) via a large POST request. | ||||
| CVE-2004-0824 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files. | ||||
| CVE-2005-0710 | 3 Mysql, Oracle, Redhat | 4 Mysql, Mysql, Enterprise Linux and 1 more | 2026-04-16 | N/A |
| MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function. | ||||
| CVE-2005-1057 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet." | ||||
| CVE-2000-0077 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands. | ||||
| CVE-2000-0005 | 1 Hp | 3 9000, Aserver, Hp-ux | 2026-04-16 | N/A |
| HP-UX aserver program allows local users to gain privileges via a symlink attack. | ||||
| CVE-2000-0078 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command. | ||||
| CVE-2000-0112 | 1 Debian | 1 Debian Linux | 2026-04-16 | N/A |
| The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation. | ||||
| CVE-2000-0123 | 1 Filemaker | 1 Filemaker | 2026-04-16 | N/A |
| The shopping cart application provided with Filemaker allows remote users to modify sensitive purchase information via hidden form fields. | ||||
| CVE-2000-0014 | 1 Michael Lamont | 1 Savant Webserver | 2026-04-16 | N/A |
| Denial of service in Savant web server via a null character in the requested URL. | ||||
| CVE-2000-0082 | 1 Microsoft | 1 Webtv | 2026-04-16 | N/A |
| WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML. | ||||
| CVE-2000-0084 | 1 Globalscape | 1 Cuteftp | 2026-04-16 | N/A |
| CuteFTP uses weak encryption to store password information in its tree.dat file. | ||||