Export limit exceeded: 345219 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345219 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345219 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-1384 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program. | ||||
| CVE-1999-1366 | 1 David Harris | 1 Pegasus Mail | 2026-04-16 | N/A |
| Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail. | ||||
| CVE-1999-1375 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. | ||||
| CVE-1999-1393 | 1 Apple | 1 Macos | 2026-04-16 | N/A |
| Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible. | ||||
| CVE-1999-1402 | 2 Freebsd, Sun | 3 Freebsd, Solaris, Sunos | 2026-04-16 | N/A |
| The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket. | ||||
| CVE-1999-1420 | 1 N-base | 5 Nh2012, Nh2012r, Nh2015 and 2 more | 2026-04-16 | N/A |
| NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door password that cannot be disabled, which allows remote attackers to modify the switch's configuration. | ||||
| CVE-1999-1440 | 1 Mirabilis | 1 Icq 98a | 2026-04-16 | N/A |
| Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, which could make the user believe that the file is safe to open from the client. | ||||
| CVE-1999-1443 | 1 Micah Software | 1 Full Armor | 2026-04-16 | N/A |
| Micah Software Full Armor Network Configurator and Zero Administration allow local users with physical access to bypass the desktop protection by (1) using <CTRL><ALT><DEL> and kill the process using the task manager, (2) booting the system from a separate disk, or (3) interrupting certain processes that execute while the system is booting. | ||||
| CVE-1999-1445 | 1 Slackware | 1 Slackware Linux | 2026-04-16 | N/A |
| Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords. | ||||
| CVE-1999-1456 | 1 Thttpd | 1 Thttpd Http Server | 2026-04-16 | N/A |
| thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename. | ||||
| CVE-1999-1484 | 1 Microsoft | 1 Msn Setup Bulletin Board Services | 2026-04-16 | N/A |
| Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control (setupbbs.ocx) allows a remote attacker to execute arbitrary commands via the methods (1) vAddNewsServer or (2) bIsNewsServerConfigured. | ||||
| CVE-1999-1501 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| (1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands. | ||||
| CVE-2006-3552 | 1 Ipswitch | 2 Ipswitch Collaboration Suite, Ipswitch Secure Server | 2026-04-16 | N/A |
| Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium, when using a certain .dat file in the StarEngine /data directory from 20060630 or earlier, does not properly receive and implement bullet signature updates, which allows context-dependent attackers to use the server for spam transmission. | ||||
| CVE-2006-3553 | 1 Planet Concept | 1 Planetnews | 2026-04-16 | N/A |
| PlaNet Concept planetNews allows remote attackers to bypass authentication and execute arbitrary code via a direct request to news/admin/planetnews.php. | ||||
| CVE-2006-3554 | 1 Mkportal | 1 Mkportal | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inject PHP sequences into the error.log file, which is then included by index.php with malicious commands accessible by the ind parameter. | ||||
| CVE-2006-3555 | 1 Php Fusion | 1 Php Fusion | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer. | ||||
| CVE-2006-3556 | 1 Extcalendar | 1 Extcalendar | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in extcalendar.php in Mohamed Moujami ExtCalendar 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-1999-0541 | 2026-04-16 | N/A | ||
| A password for accessing a WWW URL is guessable. | ||||
| CVE-2006-3557 | 1 Mt Orumcek | 1 Mt Orumcek Toplist | 2026-04-16 | N/A |
| MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | ||||
| CVE-1999-1073 | 1 Excite | 1 Ews | 2026-04-16 | N/A |
| Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack. | ||||