Export limit exceeded: 364862 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0354 | 3 Mozilla, Netscape, Redhat | 3 Mozilla, Navigator, Linux | 2026-04-16 | N/A |
| The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property. | ||||
| CVE-2002-0356 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5.10 and earlier allows local users to gain root privileges by overwriting critical system files. | ||||
| CVE-2001-0534 | 2 Lucent, Merit | 2 Radius, Radius | 2026-04-16 | N/A |
| Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of service or execute arbitrary commands. | ||||
| CVE-2001-0535 | 1 Macromedia | 1 Coldfusion Server | 2026-04-16 | N/A |
| Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script. | ||||
| CVE-2001-0555 | 1 Screaming Media | 1 Siteware | 2026-04-16 | N/A |
| ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet. | ||||
| CVE-2002-0898 | 1 Opera Software | 1 Opera Web Browser | 2026-04-16 | N/A |
| Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline. | ||||
| CVE-2001-0556 | 2 Nedit, Redhat | 2 Nedit, Powertools | 2026-04-16 | N/A |
| The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file. | ||||
| CVE-2001-0557 | 1 T. Hauck | 1 Jana Web Server | 2026-04-16 | N/A |
| T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e). | ||||
| CVE-2002-0899 | 1 Blueface | 1 Falcon Web Server | 2026-04-16 | N/A |
| Falcon web server 2.0.0.1021 and earlier allows remote attackers to bypass access restrictions for protected files via a URL whose directory portion ends in a . (dot). | ||||
| CVE-2001-0599 | 1 Sybase | 1 Adaptive Server Anywhere | 2026-04-16 | N/A |
| Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier as included with Symantec Ghost 6.5 allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to port 2638. | ||||
| CVE-2002-0910 | 1 Debian | 1 Netstd | 2026-04-16 | N/A |
| Buffer overflows in netstd 3.07-17 package allows remote DNS servers to execute arbitrary code via a long FQDN reply, as observed in the utilities (1) linux-ftpd, (2) pcnfsd, (3) tftp, (4) traceroute, or (5) from/to. | ||||
| CVE-2002-1348 | 2 Redhat, W3m | 3 Enterprise Linux, Linux, W3m | 2026-04-16 | N/A |
| w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies. | ||||
| CVE-2001-0614 | 1 Carello | 1 E-commerce | 2026-04-16 | N/A |
| Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL. | ||||
| CVE-2002-0911 | 1 Caldera | 1 Volution Manager | 2026-04-16 | N/A |
| Caldera Volution Manager 1.1 stores the Directory Administrator password in cleartext in the slapd.conf file, which could allow local users to gain privileges. | ||||
| CVE-2002-0912 | 1 Debian | 1 Debian Linux | 2026-04-16 | N/A |
| in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow. | ||||
| CVE-2001-0617 | 1 Alliedtelesyn | 1 At-ar220e | 2026-04-16 | N/A |
| Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the 'Virtual Server' enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled. | ||||
| CVE-2002-0913 | 1 Stephen Hebditch | 1 Slurp | 2026-04-16 | N/A |
| Format string vulnerability in log_doit function of Slurp NNTP client 1.1.0 allows a malicious news server to execute arbitrary code on the client via format strings in a server response. | ||||
| CVE-2001-0626 | 1 Oreilly | 1 Website Professional | 2026-04-16 | N/A |
| O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character. | ||||
| CVE-2001-0632 | 1 Sun | 1 Chilisoft | 2026-04-16 | N/A |
| Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges. | ||||
| CVE-2001-0633 | 1 Sun | 1 Chilisoft | 2026-04-16 | N/A |
| Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'. | ||||