Export limit exceeded: 344952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344952 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3676 | 1 Planet Concept | 1 Planetgallery | 2026-04-16 | N/A |
| admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types. | ||||
| CVE-2002-2118 | 1 Blue World Communications | 1 Lasso Web Data Engine | 2026-04-16 | N/A |
| Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remote attackers to cause a denial of service via a long URL. | ||||
| CVE-2003-0936 | 1 Symantec | 1 Pcanywhere | 2026-04-16 | N/A |
| Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe. | ||||
| CVE-1999-0696 | 2 Hp, Sun | 3 Hp-ux, Solaris, Sunos | 2026-04-16 | N/A |
| Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). | ||||
| CVE-1999-0698 | 2026-04-16 | N/A | ||
| Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux. | ||||
| CVE-2006-3677 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-16 | N/A |
| Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution. | ||||
| CVE-2006-3678 | 1 3com | 1 Tippingpoint Ips Tos | 2026-04-16 | N/A |
| TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to "force the device into layer 2 fallback (L2FB)", causing a denial of service (page fault), via a malformed packet. | ||||
| CVE-1999-0701 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. | ||||
| CVE-2006-3679 | 1 Fatwire | 1 Fatwire Content Server | 2026-04-16 | N/A |
| FatWire Content Server 5.5.0 allows remote attackers to bypass access restrictions and obtain administrative privileges via unspecified attack vectors in the authentication process. | ||||
| CVE-1999-0702 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability. | ||||
| CVE-1999-0006 | 1 Qualcomm | 1 Qpopper | 2026-04-16 | 9.8 Critical |
| Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command. | ||||
| CVE-1999-0043 | 6 Bsdi, Caldera, Isc and 3 more | 7 Bsd Os, Openlinux, Inn and 4 more | 2026-04-16 | 9.8 Critical |
| Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. | ||||
| CVE-2002-2073 | 1 Microsoft | 3 Site Server, Site Server Commerce, Windows Nt | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp. | ||||
| CVE-2002-2134 | 1 Peel | 1 Peel | 2026-04-16 | N/A |
| haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP code by modifying the dirroot parameter to reference a URL on a remote web server that contains the code in a lang.php file. | ||||
| CVE-2002-2171 | 1 Andrey Cherezov | 1 Acweb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows remote attackers to insert arbitrary HTML and web script via a URL, possibly via a "%db" request in a URL. | ||||
| CVE-2002-2175 | 1 Php | 1 Phpsquidpass | 2026-04-16 | N/A |
| phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username. | ||||
| CVE-2002-2177 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users. | ||||
| CVE-2002-2207 | 1 Eric Rescorla | 1 Ssldump | 2026-04-16 | N/A |
| Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitrary code via a long RSA PreMasterSecret. | ||||
| CVE-2002-2211 | 1 Isc | 1 Bind | 2026-04-16 | N/A |
| BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. | ||||
| CVE-2002-2219 | 1 Chetcpasswd | 1 Chetcpasswd | 2026-04-16 | N/A |
| chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows remote attackers to read the last line of the shadow file via a long user (userid) field. | ||||