Search Results (363654 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1277 1 Wolfram Schneider 1 Makewhatis 2026-04-16 N/A
makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters.
CVE-2000-0185 1 Realnetworks 2 Realserver, Realserver G2 2026-04-16 N/A
RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private.
CVE-2000-0186 4 Freebsd, Mandrakesoft, Redhat and 1 more 4 Freebsd, Mandrake Linux, Linux and 1 more 2026-04-16 N/A
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
CVE-2001-1278 1 Zope 1 Zope 2026-04-16 N/A
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
CVE-2002-0372 1 Microsoft 1 Windows Media Player 2026-04-16 N/A
Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".
CVE-2000-0187 1 Alex Heiphetz Group 1 Ezshopper 2026-04-16 N/A
EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters.
CVE-2000-0189 1 Allaire 1 Coldfusion Server 2026-04-16 N/A
ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.
CVE-2001-1280 1 Ipswitch 1 Imail 2026-04-16 N/A
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system.
CVE-2002-0374 2 Padl Software, Redhat 3 Pam Ldap, Enterprise Linux, Linux 2026-04-16 N/A
Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.
CVE-2000-0190 1 Aol 1 Instant Messenger 2026-04-16 N/A
AOL Instant Messenger (AIM) client allows remote attackers to cause a denial of service via a message with a malformed ASCII value.
CVE-2001-1281 1 Ipswitch 1 Imail 2026-04-16 N/A
Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form.
CVE-2000-0191 1 Axis 1 Storpoint Cd 2026-04-16 N/A
Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.
CVE-2001-1284 1 Ipswitch 1 Imail 2026-04-16 N/A
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.
CVE-2000-0194 1 Corel 1 Linux 2026-04-16 N/A
buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters.
CVE-2001-1285 1 Ipswitch 1 Imail 2026-04-16 N/A
Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter.
CVE-2000-0199 1 Microsoft 1 Sql Server 2026-04-16 N/A
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.
CVE-2000-0202 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.
CVE-2000-0204 1 Trend Micro 1 Officescan 2026-04-16 N/A
The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%.
CVE-2000-0205 1 Trend Micro 1 Officescan 2026-04-16 N/A
Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients.
CVE-2001-1286 1 Ipswitch 1 Imail 2026-04-16 N/A
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.