Export limit exceeded: 14386 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2974 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0173 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. | ||||
| CVE-2003-0987 | 2 Apache, Redhat | 4 Http Server, Enterprise Linux, Rhel Stronghold and 1 more | 2026-04-16 | N/A |
| mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. | ||||
| CVE-2006-1095 | 1 Apache | 1 Mod Python | 2026-04-16 | N/A |
| Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie. | ||||
| CVE-2003-0866 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests. | ||||
| CVE-2002-0257 | 2 Apache, Usanet Creations | 2 Http Server, Makebid Auction Deluxe | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4. | ||||
| CVE-2003-0789 | 2 Apache, Redhat | 2 Http Server, Linux | 2026-04-16 | N/A |
| mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client. | ||||
| CVE-2002-0061 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. | ||||
| CVE-2002-0936 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | ||||
| CVE-2002-0392 | 3 Apache, Debian, Redhat | 7 Http Server, Debian Linux, Enterprise Linux and 4 more | 2026-04-16 | N/A |
| Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. | ||||
| CVE-2006-1546 | 2 Apache, Redhat | 2 Struts, Rhel Application Server | 2026-04-16 | N/A |
| Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check. | ||||
| CVE-2000-0869 | 2 Apache, Suse | 2 Http Server, Suse Linux | 2026-04-16 | N/A |
| The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method. | ||||
| CVE-2002-0185 | 2 Apache, Redhat | 2 Mod Python, Linux | 2026-04-16 | N/A |
| mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module. | ||||
| CVE-2002-1148 | 2 Apache, Redhat | 3 Tomcat, Rhel Stronghold, Stronghold | 2026-04-16 | N/A |
| The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. | ||||
| CVE-1999-1199 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability. | ||||
| CVE-2000-0868 | 2 Apache, Suse | 2 Http Server, Suse Linux | 2026-04-16 | N/A |
| The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. | ||||
| CVE-1999-0071 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. | ||||
| CVE-2002-0493 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions. | ||||
| CVE-2003-0542 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Linux and 2 more | 2026-04-16 | N/A |
| Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. | ||||
| CVE-1999-0070 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| test-cgi program allows an attacker to list files on the server. | ||||
| CVE-2006-0042 | 2 Apache, Debian | 2 Libapreq2, Debian Linux | 2026-04-16 | N/A |
| Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity. | ||||