Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-0098 1 Bea 1 Weblogic Server 2026-04-16 N/A
Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string.
CVE-2001-0133 1 Trend Micro 1 Interscan Viruswall 2026-04-16 N/A
The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords.
CVE-2001-0170 4 Conectiva, Debian, Immunix and 1 more 4 Linux, Debian Linux, Immunix and 1 more 2026-04-16 N/A
glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.
CVE-2001-0175 1 Netscape 1 Fasttrack Server 2026-04-16 N/A
The caching module in Netscape Fasttrack Server 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by requesting a large number of non-existent URLs.
CVE-2001-0179 1 Macromedia 1 Jrun 2026-04-16 N/A
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "."
CVE-2001-0205 1 Aol 1 Aol Server 2026-04-16 N/A
Directory traversal vulnerability in AOLserver 3.2 and earlier allows remote attackers to read arbitrary files by inserting "..." into the requested pathname, a modified .. (dot dot) attack.
CVE-2001-0252 1 Iplanet 1 Iplanet Enterprise Server 2026-04-16 N/A
iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote attackers to cause a denial of service via a long HTTP GET request that contains many "/../" (dot dot) sequences.
CVE-2001-0303 1 Pi3 1 Pi3web 2026-04-16 N/A
tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file.
CVE-2001-0317 2 Linux, Redhat 2 Linux Kernel, Linux 2026-04-16 N/A
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.
CVE-2001-0593 1 Anaconda Partners 1 Clipper 2026-04-16 N/A
Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter.
CVE-2001-0600 1 Lotus 1 Domino R5 Server 2026-04-16 N/A
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type.
CVE-2004-2509 1 Ubbcentral 1 Ubb.threads 2026-04-16 N/A
Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.
CVE-2005-2386 1 Elemental Software 1 Cartwiz 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ 1.20 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2005-4164 1 Widgetmonkey 1 Php-addressbook 2026-04-16 N/A
SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-3269 1 Thorcms 1 Thorcms 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/functions_cms.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.
CVE-2001-0677 1 Qualcomm 1 Eudora 2026-04-16 N/A
Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the "Attachment Converted" MIME header, which sends the file when the email is forwarded to the attacker by the user.
CVE-2001-0683 1 Netscape 1 Collabra Server 2026-04-16 N/A
Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service (memory exhaustion) by repeatedly sending approximately 5K of data to TCP port 5238.
CVE-2001-0697 1 Netwin 1 Surgeftp 2026-04-16 N/A
NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.
CVE-2001-0759 1 Jetico 1 Bestcrypt 2026-04-16 N/A
Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount.
CVE-2001-0818 1 Marty Bochane 1 Mdbms 2026-04-16 N/A
A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data.