Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3864 1 Berlios 1 Sourcewell 2026-04-16 N/A
SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. NOTE: various reports indicate that the affected version is 1.1.3, but as of 2005-11-29, the most recent version appears to be 1.1.2.
CVE-2006-0927 2 Jgs-xa, Woltlab 2 Jgs-gallery Addon, Burning Board 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) userid parameter in (a) jgs_galerie_slideshow.php and (b) jgs_galerie_scroll.php, and the (2) katid parameter in (c) jgs_galerie_slideshow.php.
CVE-2001-0680 1 Qpc Software 2 Avt Term, Qvt Net 2026-04-16 N/A
Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command.
CVE-2002-1362 2 Matthew Smith, Redhat 3 Micq, Enterprise Linux, Linux 2026-04-16 N/A
mICQ 0.4.9 and earlier allows remote attackers to cause a denial of service (crash) via malformed ICQ message types without a 0xFE separator character.
CVE-2001-0681 1 Qpc Software 2 Qvt Net, Qvt Term 2026-04-16 N/A
Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a remote attacker to cause a denial of service via a long (1) username or (2) password.
CVE-2002-0921 1 Cgiscript.net 1 Csnews 2026-04-16 N/A
CGIScript.net csNews.cgi allows remote attackers to obtain potentially sensitive information, such as the full server pathname and other configuration settings, via the viewnews command with an invalid database, which leaks the information in error messages.
CVE-2001-0687 1 Transsoft 1 Broker Ftp Server 2026-04-16 N/A
Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker to retrieve privileged web server system information by (1) issuing a CD command (CD C:) followed by the LS command, (2) specifying arbitrary paths in the UNC format (\\computername\sharename).
CVE-2001-0696 1 Netwin 1 Surgeftp 2026-04-16 N/A
NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con.
CVE-2001-0702 1 Grant Averett 1 Ceberus Ftp Server 2026-04-16 N/A
Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command.
CVE-2001-0704 1 Arcadia 1 Arcadia Internet Store 2026-04-16 N/A
tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist.
CVE-2001-0705 1 Arcadia 1 Arcadia Internet Store 2026-04-16 N/A
Directory traversal vulnerability in tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to read arbitrary files on the web server via a URL with "dot dot" sequences in the template argument.
CVE-2002-0925 1 Matthew Mondor 2 Mmftpd, Mmmail 2026-04-16 N/A
Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
CVE-2001-0712 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc.
CVE-2001-0714 1 Sendmail 1 Sendmail 2026-04-16 N/A
Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS option.
CVE-2001-0724 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664.
CVE-2001-0729 1 Apache 1 Http Server 2026-04-16 N/A
Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
CVE-2001-0733 1 Ralf S. Engelschall 1 Eperl 2026-04-16 N/A
The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #include directive that references a file that contains the code.
CVE-2001-0750 1 Cisco 1 Ios 2026-04-16 N/A
Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999.
CVE-2002-0935 1 Apache 1 Tomcat 2026-04-16 N/A
Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
CVE-2001-0751 1 Cisco 1 Cbos 2026-04-16 N/A
Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.