Export limit exceeded: 345023 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345023 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0798 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| The truncate function in IRIX 6.x does not properly check for privileges when the file is in the xfs file system, which allows local users to delete the contents of arbitrary files. | ||||
| CVE-2006-3542 | 1 Boxcar Media | 1 Shopping Cart | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown Shopping Cart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) shop name field in (a) editshop.php, (b) edititem.php, and (c) index.php; and via the (2) item field in editshop.php and edititem.php. | ||||
| CVE-2006-3881 | 1 Musicbox | 1 Musicbox | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter in a request for the top-level URI. NOTE: the id parameter in index.php, and the type and show parameters in a top action, are already covered by CVE-2006-1349; and the term parameter in a search action is already covered by CVE-2006-1806. | ||||
| CVE-2000-0019 | 1 Ipswitch | 1 Imail | 2026-04-16 | N/A |
| IMail POP3 daemon uses weak encryption, which allows local users to read files. | ||||
| CVE-2000-0799 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file. | ||||
| CVE-2001-0204 | 1 Watchguard | 1 Firebox Ii | 2026-04-16 | N/A |
| Watchguard Firebox II allows remote attackers to cause a denial of service by establishing multiple connections and sending malformed PPTP packets. | ||||
| CVE-2001-0302 | 1 Pi3 | 1 Pi3web | 2026-04-16 | N/A |
| Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL. | ||||
| CVE-2001-0425 | 1 Adcycle | 1 Adcycle | 2026-04-16 | N/A |
| AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information. | ||||
| CVE-2001-0467 | 1 Robtex | 1 Viking Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request. | ||||
| CVE-2001-1115 | 1 Sixhead | 1 Six-webboard | 2026-04-16 | N/A |
| generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter. | ||||
| CVE-2001-1142 | 1 Argosoft | 1 Ftp Server | 2026-04-16 | N/A |
| ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges. | ||||
| CVE-2006-3883 | 1 Gonafish | 1 Linkscaffe | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gonafish LinksCaffe 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the tablewidth parameter in (a) counter.php; (2) the newdays parameter in (b) links.php; and the (3) tableborder, (4) menucolor, (5) textcolor, and (6) bodycolor parameters in (c) menu.inc.php. | ||||
| CVE-2000-0021 | 1 Lotus | 1 Domino Server | 2026-04-16 | N/A |
| Lotus Domino HTTP server allows remote attackers to determine the real path of the server via a request to a non-existent script in /cgi-bin. | ||||
| CVE-2006-3884 | 1 Gonafish | 1 Linkscaffe | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. NOTE: this issue can also be used for path disclosure by a forced SQL error, or to modify PHP files using OUTFILE. | ||||
| CVE-2001-0303 | 1 Pi3 | 1 Pi3web | 2026-04-16 | N/A |
| tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file. | ||||
| CVE-2000-0022 | 1 Lotus | 1 Domino Server | 2026-04-16 | N/A |
| Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory. | ||||
| CVE-2006-3543 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an SQL query" and the "'ketqua' [action] and file 'coin_list.php' are not standard IPB 2.x features". It is unknown whether these vectors are associated with an independent module or modification of IPB | ||||
| CVE-2000-0023 | 1 Lotus | 1 Domino Server | 2026-04-16 | N/A |
| Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL. | ||||
| CVE-2000-0027 | 1 Ibm | 1 Network Station Manager | 2026-04-16 | N/A |
| IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack. | ||||
| CVE-2001-1143 | 1 Ibm | 1 Db2 Universal Database | 2026-04-16 | N/A |
| IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789. | ||||