Export limit exceeded: 25892 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25892 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2369 | 1 Perception | 1 Liteserve | 2026-04-16 | N/A |
| Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL. | ||||
| CVE-2002-2371 | 1 Linksys | 1 Wet11 | 2026-04-16 | N/A |
| Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header. | ||||
| CVE-2003-0795 | 4 Gnu, Quagga, Redhat and 1 more | 5 Zebra, Quagga, Enterprise Linux and 2 more | 2026-04-16 | N/A |
| The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. | ||||
| CVE-2003-0825 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Nt | 2026-04-16 | N/A |
| The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code. | ||||
| CVE-2003-1003 | 1 Cisco | 2 Pix Firewall, Pix Firewall Software | 2026-04-16 | N/A |
| Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. | ||||
| CVE-2003-1025 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | ||||
| CVE-2004-1428 | 1 Argosoft | 1 Ftp Server | 2026-04-16 | N/A |
| ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames. | ||||
| CVE-2004-1602 | 1 Proftpd | 1 Proftpd | 2026-04-16 | N/A |
| ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response. | ||||
| CVE-2004-1617 | 1 University Of Kansas | 1 Lynx | 2026-04-16 | N/A |
| Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value. | ||||
| CVE-2004-2533 | 1 Solarwinds | 1 Serv-u File Server | 2026-04-16 | N/A |
| Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111. | ||||
| CVE-2004-2592 | 1 Id Software | 1 Quake Ii Server | 2026-04-16 | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines. | ||||
| CVE-2004-2596 | 1 Id Software | 1 Quake Ii Server | 2026-04-16 | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address. | ||||
| CVE-2004-2649 | 1 Eudora | 1 Eudora | 2026-04-16 | N/A |
| Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in the status bar by inserting a large number of characters (e.g. spaces coded as " ") in the middle of the URL. | ||||
| CVE-2004-2706 | 1 Phrozensmoke | 1 Gyach Enhanced | 2026-04-16 | N/A |
| Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service (crash) via conference packets with error messages. | ||||
| CVE-2004-2748 | 1 Webtrends | 1 Reporting Center | 2026-04-16 | N/A |
| viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message. | ||||
| CVE-2005-0797 | 1 Novell | 1 Ichain | 2026-04-16 | N/A |
| Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. | ||||
| CVE-2005-0850 | 1 Filezilla-project | 1 Filezilla Server | 2026-04-16 | N/A |
| FileZilla FTP server before 0.9.6 allows remote attackers to cause a denial of service via a request for a filename containing an MS-DOS device name such as CON, NUL, COM1, LPT1, and others. | ||||
| CVE-2005-1628 | 1 Web-app.org | 1 Webapp | 2026-04-16 | N/A |
| apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. | ||||
| CVE-2005-1650 | 1 Woppoware | 1 Postmaster | 2026-04-16 | N/A |
| The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames. | ||||
| CVE-2005-1682 | 1 Solstice | 1 Solstice Internet Mail Server | 2026-04-16 | N/A |
| JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the msgno parameter. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products. | ||||