Export limit exceeded: 20038 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362578 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362578 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0955 | 1 Cisco | 1 Virtual Central Office 4000 | 2026-04-16 | N/A |
| Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges. | ||||
| CVE-2000-0950 | 1 Tis | 1 Internet Firewall Toolkit | 2026-04-16 | N/A |
| Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name. | ||||
| CVE-2000-0904 | 1 Qnx | 1 Voyager | 2026-04-16 | N/A |
| Voyager web server 2.01B in the demo disks for QNX 405 stores sensitive web client information in the .photon directory in the web document root, which allows remote attackers to obtain that information. | ||||
| CVE-2006-2702 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR']. | ||||
| CVE-2002-1204 | 1 Netscape | 1 Communicator | 2026-04-16 | N/A |
| Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name. | ||||
| CVE-2002-1200 | 1 Oneidentity | 1 Syslog-ng | 2026-04-16 | N/A |
| Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. | ||||
| CVE-1999-0972 | 1 Wolfpack Development | 1 Xshipwars | 2026-04-16 | N/A |
| Buffer overflow in Xshipwars xsw program. | ||||
| CVE-2006-2538 | 2 Ie Tab, Mozilla | 2 Ie Tab, Firefox | 2026-04-16 | N/A |
| IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI. Some third-party researchers claim that they are unable to reproduce this vulnerability. | ||||
| CVE-2002-1123 | 1 Microsoft | 2 Data Engine, Sql Server | 2026-04-16 | N/A |
| Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow. | ||||
| CVE-2006-2512 | 1 Hitachi | 4 Eur Print Service, Eur Print Service For Ilf, Eur Professional and 1 more | 2026-04-16 | N/A |
| SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2002-1039 | 1 Michael Dean | 1 Double Choco Latte | 2026-04-16 | N/A |
| Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Attachments feature. | ||||
| CVE-2002-0994 | 1 Sun | 1 Sun Pci Ii Driver | 2026-04-16 | N/A |
| SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications. | ||||
| CVE-2006-2479 | 1 Bitrix | 1 Bitrix Site Manager | 2026-04-16 | N/A |
| The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site. | ||||
| CVE-2006-2390 | 1 Ozjournals | 1 Ozjournals | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality. | ||||
| CVE-2002-0943 | 1 Metalinks | 1 Metacart2.sql | 2026-04-16 | N/A |
| MetaCart2.sql stores the user database under the web document root without access controls, which allows remote attackers to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb. | ||||
| CVE-2002-0904 | 1 Kismet | 1 Kismet | 2026-04-16 | N/A |
| SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument. | ||||
| CVE-2002-0886 | 1 Cisco | 1 Cbos | 2026-04-16 | N/A |
| Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to the CPE, which causes the TCP/IP stack to consume large amounts of memory. | ||||
| CVE-2002-0882 | 1 Cisco | 2 Skinny Client Control Protocol Software, Voip Phone Cp-7940 | 2026-04-16 | N/A |
| The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the PortInformation script. | ||||
| CVE-2000-0597 | 1 Microsoft | 2 Excel, Powerpoint | 2026-04-16 | N/A |
| Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability. | ||||
| CVE-2006-2243 | 1 Web4future | 1 News Portal | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News Portal allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) comentarii.php or (2) view.php. NOTE: this issue might be resultant from SQL injection. | ||||