Search Results (363364 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0993 1 3com 1 Tippingpoint Sms Server 2026-04-16 N/A
The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings.
CVE-2006-1003 1 Netgear 1 Wgt624 2026-04-16 N/A
The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges.
CVE-2006-1007 1 Nathan Landry 1 N8cms Sitesuite Cms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) dir and (2) page_id parameter to index.php.
CVE-2006-1012 1 Wordpress 1 Wordpress 2026-04-16 N/A
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.
CVE-2006-1014 1 Php 1 Php 2026-04-16 N/A
Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.
CVE-2002-1145 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
CVE-2001-0529 1 Openbsd 1 Openssh 2026-04-16 N/A
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.
CVE-2001-0650 1 Cisco 1 Ios 2026-04-16 N/A
Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute.
CVE-2001-0670 5 Bsd, Freebsd, Netbsd and 2 more 5 Bsd, Freebsd, Netbsd and 2 more 2026-04-16 N/A
Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.
CVE-2001-1158 1 Checkpoint 1 Firewall-1 2026-04-16 N/A
Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts.
CVE-1999-0077 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Predictable TCP sequence numbers allow spoofing.
CVE-2001-0916 1 Berkeley 1 Pmake 2026-04-16 N/A
Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via a long check argument of a shell definition.
CVE-2002-0131 1 Activestate 1 Activepython 2026-04-16 N/A
ActivePython ActiveX control for Python in the AXScript package, when used in Internet Explorer, does not prevent a script from reading files from the client's filesystem, which allows remote attackers to read arbitrary files via a malicious web page containing Python script.
CVE-2001-0922 1 Sun 1 Netdynamics 2026-04-16 N/A
ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.
CVE-2001-0923 1 Redhat 1 Redhat Package Manager 2026-04-16 N/A
RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried.
CVE-1999-0078 10 Bsdi, Freebsd, Hp and 7 more 11 Bsd Os, Freebsd, Hp-ux and 8 more 2026-04-16 N/A
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
CVE-1999-0079 1 Bisonware 1 Bisonware Ftp Server 2026-04-16 N/A
Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.
CVE-2001-0924 1 Ibm 1 Informix Web Datablade 2026-04-16 N/A
Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter.
CVE-2002-0133 1 Avirt 3 Avirt Gateway, Avirt Gateway Suite, Avirt Soho 2026-04-16 N/A
Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy.
CVE-1999-0080 1 Washington University 1 Wu-ftpd 2026-04-16 N/A
Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.