Export limit exceeded: 363866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363866 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1111 1 Mantis 1 Mantis 2026-04-16 N/A
print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.
CVE-2001-1463 1 Solarwinds 1 Serv-u File Server 2026-04-16 N/A
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.
CVE-2002-1120 1 Savant 1 Savant Web Server 2026-04-16 N/A
Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
CVE-2000-0006 2 Linux, Paul Kranenburg 2 Linux Kernel, Strace 2026-04-16 N/A
strace allows local users to read arbitrary files via memory mapped file names.
CVE-2001-1464 1 Businessobjects 1 Crystal Reports 2026-04-16 N/A
Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords.
CVE-2002-1772 1 Novell 1 Netware 2026-04-16 N/A
Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a null password.
CVE-2003-0504 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module.
CVE-2001-1465 1 Surfcontrol 1 Superscout Web Filter 2026-04-16 N/A
SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements.
CVE-2000-0007 1 Trend Micro 1 Pc-cillin 2026-04-16 N/A
Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service.
CVE-2004-1640 1 Xoops 1 Xoops Dictionary 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php.
CVE-2005-4144 1 Lyris 1 List Manager 2026-04-16 N/A
Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCII 255) characters, which are interpreted as whitespace.
CVE-2005-4143 1 Lyris 1 List Manager 2026-04-16 N/A
SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a allows remote attackers to execute arbitrary SQL commands via SQL code after a numeric argument to a /read/attachment URL.
CVE-2005-4142 1 Lyris Technologies Inc 1 Listmanager 2026-04-16 N/A
The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands via LFCR (%0A%0D) sequences in the pw parameter. NOTE: it is not clear whether this is a variant of a CRLF injection vulnerability.
CVE-2005-4141 1 Aspmforum 1 Aspmforum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via the (1) harf parameter in kullanicilistesi.asp and (2) baslik parameter in forum.asp.
CVE-2005-4140 1 Website Baker 1 Website Baker 2026-04-16 N/A
SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter, as used by the user field.
CVE-2005-4139 1 Thwboard 1 Thwboard Beta 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php.
CVE-2005-4138 1 Thwboard 1 Thwboard Beta 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php.
CVE-2005-4137 1 Fad Solutions 1 Drzes Hms 2026-04-16 N/A
SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows remote attackers to execute arbitrary SQL commands via the invoiceID parameter.
CVE-2005-4136 1 Fad Solutions 1 Drzes Hms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter.
CVE-2005-4134 4 K-meleon Project, Mozilla, Netscape and 1 more 5 K-meleon, Firefox, Mozilla Suite and 2 more 2026-04-16 N/A
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.