Export limit exceeded: 344977 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344977 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-0965 | 1 Glftpd | 1 Glftpd | 2026-04-16 | N/A |
| glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters. | ||||
| CVE-2001-0969 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts. | ||||
| CVE-2001-1157 | 1 Baltimore Technologies | 1 Websweeper | 2026-04-16 | N/A |
| Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode. | ||||
| CVE-2001-0970 | 1 Tdavid | 1 Td Forum | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote attackers to execute arbitrary script on other clients via a forum message that contains the script. | ||||
| CVE-2001-0971 | 1 Aci | 1 4d Webserver | 2026-04-16 | N/A |
| Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request. | ||||
| CVE-2001-0972 | 1 Surf-net | 1 Asp Forum | 2026-04-16 | N/A |
| Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888." | ||||
| CVE-2001-0973 | 1 Fraunhofer Fit | 1 Bscw | 2026-04-16 | N/A |
| BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space. | ||||
| CVE-2001-0974 | 1 Oracle | 1 Internet Directory | 2026-04-16 | N/A |
| Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | ||||
| CVE-2001-0975 | 1 Oracle | 1 Internet Directory | 2026-04-16 | N/A |
| Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | ||||
| CVE-2001-0976 | 1 Hp | 1 Process Resource Manager | 2026-04-16 | N/A |
| Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earlier, as used by HP-UX Workload Manager (WLM), allows local users to gain root privileges via modified libraries or environment variables. | ||||
| CVE-2001-0981 | 1 Hp | 1 Cifs-9000 Server | 2026-04-16 | N/A |
| HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user. | ||||
| CVE-2001-0983 | 1 Ultraedit | 1 Ultraedit-32 | 2026-04-16 | N/A |
| UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges. | ||||
| CVE-2001-1158 | 1 Checkpoint | 1 Firewall-1 | 2026-04-16 | N/A |
| Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts. | ||||
| CVE-2001-0986 | 1 Microsoft | 1 Index Server | 2026-04-16 | N/A |
| SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo. | ||||
| CVE-2001-0987 | 1 Nathan Neulinger | 1 Cgiwrap | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap. | ||||
| CVE-2001-0988 | 1 Knox Software | 1 Arkeia | 2026-04-16 | N/A |
| Arkeia backup server 4.2.8-2 and earlier creates its database files with world-writable permissions, which could allow local users to overwrite the files or obtain sensitive information. | ||||
| CVE-2001-1159 | 1 Squirrelmail | 1 Squirrelmail | 2026-04-16 | N/A |
| load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP. | ||||
| CVE-2001-0989 | 1 Richard Everitt | 1 Pileup | 2026-04-16 | N/A |
| Buffer overflows in Pileup before 1.2 allows local users to gain root privileges via (1) long command line arguments, or (2) a long callsign. | ||||
| CVE-2001-0990 | 1 Inter7 | 1 Vpopmail | 2026-04-16 | N/A |
| Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library. | ||||
| CVE-2001-1160 | 1 Microburst | 1 Udirectory | 2026-04-16 | N/A |
| udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the category_file field. | ||||