Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2831 1 Drupal 1 Drupal 2026-04-16 N/A
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
CVE-2000-1213 3 Immunix, Iputils, Redhat 3 Immunix, Iputils, Linux 2026-04-16 N/A
ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.
CVE-2002-1307 1 Mhonarc 1 Mhonarc 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.
CVE-2006-2833 1 Drupal 1 Drupal 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable.
CVE-2000-1221 3 Debian, Redhat, Sgi 3 Debian Linux, Linux, Irix 2026-04-16 N/A
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.
CVE-2002-1308 3 Mozilla, Netscape, Redhat 4 Mozilla, Navigator, Enterprise Linux and 1 more 2026-04-16 N/A
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
CVE-2000-1229 1 Phorum 1 Phorum 2026-04-16 N/A
Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin.php3.
CVE-2002-1309 1 Macromedia 1 Coldfusion 2026-04-16 N/A
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name.
CVE-2000-1239 1 Ibm 1 Tivoli Management Framework 2026-04-16 N/A
The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files.
CVE-2006-2838 1 F-secure 2 F-secure Anti-virus, Internet Gatekeeper 2026-04-16 N/A
Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host.
CVE-2006-2840 1 Pmwiki 1 Pmwiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2002-1310 1 Macromedia 1 Jrun 2026-04-16 N/A
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name.
CVE-2006-2841 1 Associated 1 Associated Cms 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ACID) CMS 1.1.3 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) menu.php, (2) profile.php, (3) users.php, (4) cache_mngt.php, and (5) gallery_functions.php.
CVE-2001-0002 1 Microsoft 2 Internet Explorer, Windows Script Host 2026-04-16 N/A
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
CVE-2002-1311 1 Double Precision Incorporated 1 Courier Mta 2026-04-16 N/A
Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
CVE-2001-0007 1 Netscreen 1 Screen Os 2026-04-16 N/A
Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration interface.
CVE-2001-0008 2 Borland Software, Firebirdsql 2 Interbase, Firebird 2026-04-16 N/A
Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.
CVE-2001-0009 1 Lotus 1 Domino Server 2026-04-16 N/A
Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.
CVE-2001-0012 2 Isc, Redhat 2 Bind, Linux 2026-04-16 N/A
BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.
CVE-2002-0840 3 Apache, Oracle, Redhat 9 Http Server, Application Server, Database Server and 6 more 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.