Export limit exceeded: 344977 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344977 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1051 | 5 Debian, Mandrakesoft, Todd Miller and 2 more | 7 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 4 more | 2026-04-16 | N/A |
| sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. | ||||
| CVE-2004-1052 | 3 Bnc, Debian, Gentoo | 3 Bnc, Debian Linux, Linux | 2026-04-16 | N/A |
| Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters. | ||||
| CVE-2004-1053 | 1 Freebsd | 1 Fetch | 2026-04-16 | N/A |
| Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow. | ||||
| CVE-2004-1054 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout. | ||||
| CVE-2004-1055 | 2 Gentoo, Phpmyadmin | 2 Linux, Phpmyadmin | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser. | ||||
| CVE-2000-1140 | 1 Recourse Technologies | 1 Mantrap | 2026-04-16 | N/A |
| Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem. | ||||
| CVE-2000-1144 | 1 Recourse Technologies | 1 Mantrap | 2026-04-16 | N/A |
| Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment. | ||||
| CVE-2002-1447 | 1 Cisco | 1 Vpn Client | 2026-04-16 | N/A |
| Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument. | ||||
| CVE-2004-1056 | 3 Linux, Redhat, Ubuntu | 3 Linux Kernel, Enterprise Linux, Ubuntu Linux | 2026-04-16 | N/A |
| Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output. | ||||
| CVE-2004-1057 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark memory with the VM_IO flag, which causes incorrect reference counts and may lead to a denial of service (kernel panic) when accessing freed kernel pages. | ||||
| CVE-2002-1459 | 1 Leszek Krupinski | 1 L-forum | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject. | ||||
| CVE-2002-1460 | 1 Leszek Krupinski | 1 L-forum | 2026-04-16 | N/A |
| L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files. | ||||
| CVE-2002-1491 | 1 Cisco | 1 Vpn 5000 Client | 2026-04-16 | N/A |
| The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges. | ||||
| CVE-2004-1058 | 3 Linux, Redhat, Ubuntu | 3 Linux Kernel, Enterprise Linux, Ubuntu Linux | 2026-04-16 | N/A |
| Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline. | ||||
| CVE-2004-1470 | 1 Snipsnap | 1 Snipsnap | 2026-04-16 | N/A |
| CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server. | ||||
| CVE-2002-1887 | 1 Gregory Kokanosky | 1 Phpmynewsletter | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter. | ||||
| CVE-2004-1602 | 1 Proftpd | 1 Proftpd | 2026-04-16 | N/A |
| ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response. | ||||
| CVE-2004-1641 | 1 South River Technologies | 1 Titan Ftp Server | 2026-04-16 | N/A |
| Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST. | ||||
| CVE-2004-0609 | 1 Rssh | 1 Rssh | 2026-04-16 | N/A |
| rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the jail. | ||||
| CVE-2004-0610 | 1 Microsoft | 1 Mn-500 Wireless Base Station | 2026-04-16 | N/A |
| The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service (connection refusal) via a large number of open HTTP connections. | ||||