Export limit exceeded: 347798 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347798 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347798 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-1009 | 2 Redhat, Trustix | 2 Linux, Secure Linux | 2026-04-16 | N/A |
| dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program. | ||||
| CVE-2004-0700 | 3 Gentoo, Mod Ssl, Redhat | 5 Linux, Mod Ssl, Enterprise Linux and 2 more | 2026-04-16 | N/A |
| Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function. | ||||
| CVE-2005-2955 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2026-04-16 | N/A |
| config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others. | ||||
| CVE-2005-3573 | 2 Gnu, Redhat | 2 Mailman, Enterprise Linux | 2026-04-16 | N/A |
| Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). | ||||
| CVE-2005-3759 | 1 Horde | 1 Horde | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments. | ||||
| CVE-2000-1010 | 2 Openbsd, Redhat | 2 Openbsd, Linux | 2026-04-16 | N/A |
| Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters. | ||||
| CVE-2004-0702 | 1 Mozilla | 1 Bugzilla | 2026-04-16 | N/A |
| DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information. | ||||
| CVE-2005-3574 | 1 Icms Content Management Systems | 1 Icms | 2026-04-16 | N/A |
| PHP file inclusion vulnerability in index.php of iCMS allows remote attackers to include arbitrary files via the page parameter. | ||||
| CVE-2005-3760 | 1 Ibm | 1 Websphere Application Server | 2026-04-16 | N/A |
| Double free vulnerability in the BBOORB module in IBM WebSphere Application Server for z/OS 5.0 allows attackers to cause a denial of service (ABEND). | ||||
| CVE-2005-3861 | 1 Phpgreetz | 1 Phpgreetz | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in content.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. | ||||
| CVE-2005-3959 | 1 Freewebstat | 1 Freewebstat | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php. | ||||
| CVE-2000-1011 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable. | ||||
| CVE-2004-0703 | 1 Mozilla | 1 Bugzilla | 2026-04-16 | N/A |
| Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control. | ||||
| CVE-2005-2957 | 1 Avira | 1 Desktop | 2026-04-16 | N/A |
| Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 with AVPACK32.DLL 6.31.0.3, when archive scanning is enabled, allows remote attackers to execute arbitrary code via a long filename in an ACE archive. | ||||
| CVE-2000-1012 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable. | ||||
| CVE-2004-0707 | 1 Mozilla | 1 Bugzilla | 2026-04-16 | N/A |
| SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL. | ||||
| CVE-2005-2958 | 1 Gnome | 1 Libgda2 | 2026-04-16 | N/A |
| Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code. | ||||
| CVE-2005-3575 | 1 Cynox | 1 Cyphor | 2026-04-16 | N/A |
| SQL injection vulnerability in show.php in Cyphor 0.19 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2005-3761 | 1 Exponent | 1 Exponent | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via (1) Javascript in forms produced by the form generator or (2) the parameters to the installer. | ||||
| CVE-2000-1013 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable. | ||||