Search Results (364353 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-1097 1 Sonicwall 1 Soho Firewall 2026-04-16 N/A
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.
CVE-2000-1096 1 Paul Vixie 1 Vixie Cron 2026-04-16 N/A
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.
CVE-2000-1088 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-2002-0244 1 Atheos 1 Atheos 2026-04-16 N/A
Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir.
CVE-2002-0243 1 Opera Software 1 Opera Web Browser 2026-04-16 N/A
Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
CVE-2002-0242 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
CVE-2002-0241 1 Cisco 1 Secure Access Control Server 2026-04-16 N/A
NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.
CVE-2002-0240 1 Apache 1 Http Server 2026-04-16 N/A
PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
CVE-2002-0239 1 Hanterm 1 Hanterm 2026-04-16 N/A
Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument.
CVE-2000-1081 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-2002-0238 1 Netgear 1 Rt314 2026-04-16 N/A
Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script.
CVE-2000-1077 1 Iplanet 1 Iplanet Web Server 2026-04-16 N/A
Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension.
CVE-2000-1076 2 Netscape, Sun 2 Directory Server, Iplanet Certificate Management System 2026-04-16 N/A
Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server.
CVE-2000-1075 2 Netscape, Sun 2 Directory Server, Iplanet Certificate Management System 2026-04-16 N/A
Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.
CVE-2000-1074 1 Netscape 1 Iplanet Ical 2026-04-16 N/A
csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.
CVE-2000-1073 1 Netscape 1 Iplanet Ical 2026-04-16 N/A
csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory.
CVE-2000-0856 1 Xs4all Data 1 Xs4all Data Sunftp 2026-04-16 N/A
Buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request.
CVE-2000-0857 1 Sebastian Kienzl 1 Muh 2026-04-16 N/A
The logging capability in muh 2.05d IRC server does not properly cleanse user-injected format strings, which allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed nickname.
CVE-2002-0202 1 Paintbbs 1 Paintbbs 2026-04-16 N/A
PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable /oekaki/ folder.
CVE-2000-0858 1 Microsoft 2 Internet Information Server, Windows Nt 2026-04-16 N/A
Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.