Export limit exceeded: 349538 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349538 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2536 | 1 Greg Donald | 1 Destiney Links Script | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) "Search" (term parameter in index.php) and (2) "Add a Site" (add.php) fields. | ||||
| CVE-2006-2535 | 1 Greg Donald | 1 Destiney Links Script | 2026-04-16 | N/A |
| index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message. NOTE: this issue might be resultant from a more serious issue such as directory traversal. | ||||
| CVE-1999-0480 | 1 Midnight Commander | 1 Midnight Commander | 2026-04-16 | N/A |
| Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack. | ||||
| CVE-2006-2534 | 1 Greg Donald | 1 Destiney Links Script | 2026-04-16 | N/A |
| Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories. | ||||
| CVE-2000-0027 | 1 Ibm | 1 Network Station Manager | 2026-04-16 | N/A |
| IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack. | ||||
| CVE-1999-1393 | 1 Apple | 1 Macos | 2026-04-16 | N/A |
| Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible. | ||||
| CVE-1999-0479 | 2 Hp, Netscape | 2 Hp-ux, Enterprise Server | 2026-04-16 | N/A |
| Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems. | ||||
| CVE-2006-2530 | 1 Snitz Communications | 2 Avatar Mod, Snitz Forums 2000 | 2026-04-16 | N/A |
| avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product. | ||||
| CVE-2006-2529 | 1 Fckeditor | 1 Fckeditor | 2026-04-16 | N/A |
| editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658. | ||||
| CVE-2000-0149 | 1 Zeus Technologies | 1 Zeus Web Server | 2026-04-16 | N/A |
| Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL. | ||||
| CVE-2000-0111 | 1 Avt | 1 Rightfax | 2026-04-16 | N/A |
| The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions. | ||||
| CVE-2000-0026 | 2 Sco, Windowmaker | 2 Unixware, Wmmon | 2026-04-16 | N/A |
| Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string. | ||||
| CVE-1999-0478 | 1 Sendmail | 1 Sendmail | 2026-04-16 | N/A |
| Denial of service in HP-UX sendmail 8.8.6 related to accepting connections. | ||||
| CVE-2006-2520 | 1 Bitberry Software | 1 Bitzipper | 2026-04-16 | N/A |
| Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. (dot dot) in the filename of a file that is stored in a (1) RAR (.rar), (2) TAR (.tar), (3) ZIP (.zip), (4) GZ (.gz), or (5) JAR (.jar) archive. | ||||
| CVE-2000-0168 | 1 Microsoft | 3 Windows 95, Windows 98, Windows 98se | 2026-04-16 | N/A |
| Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability. | ||||
| CVE-2000-0147 | 1 Sco | 1 Openserver | 2026-04-16 | N/A |
| snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration. | ||||
| CVE-2000-0110 | 1 Baron Consulting Group | 1 Websitetool | 2026-04-16 | N/A |
| The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | ||||
| CVE-2000-0025 | 1 Microsoft | 3 Internet Information Server, Site Server, Site Server Commerce | 2026-04-16 | N/A |
| IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. | ||||
| CVE-1999-1375 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. | ||||
| CVE-1999-0477 | 1 Allaire | 1 Coldfusion Server | 2026-04-16 | N/A |
| The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. | ||||