Export limit exceeded: 345229 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345229 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0168 | 1 Microsoft | 3 Windows 95, Windows 98, Windows 98se | 2026-04-16 | N/A |
| Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability. | ||||
| CVE-2000-0147 | 1 Sco | 1 Openserver | 2026-04-16 | N/A |
| snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration. | ||||
| CVE-2000-0110 | 1 Baron Consulting Group | 1 Websitetool | 2026-04-16 | N/A |
| The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | ||||
| CVE-2000-0025 | 1 Microsoft | 3 Internet Information Server, Site Server, Site Server Commerce | 2026-04-16 | N/A |
| IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. | ||||
| CVE-1999-1375 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. | ||||
| CVE-1999-0477 | 1 Allaire | 1 Coldfusion Server | 2026-04-16 | N/A |
| The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. | ||||
| CVE-2006-2512 | 1 Hitachi | 4 Eur Print Service, Eur Print Service For Ilf, Eur Professional and 1 more | 2026-04-16 | N/A |
| SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2000-0024 | 1 Microsoft | 3 Internet Information Server, Site Server, Site Server Commerce | 2026-04-16 | N/A |
| IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. | ||||
| CVE-1999-1374 | 1 Arpanet | 1 Perlshop | 2026-04-16 | N/A |
| perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request. | ||||
| CVE-1999-0472 | 2 Network Appliance, Snmp | 2 Netcache, Snmp | 2026-04-16 | N/A |
| The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it. | ||||
| CVE-2006-2505 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package. | ||||
| CVE-2006-2504 | 1 Azboard | 1 Azboard | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp. | ||||
| CVE-2006-2502 | 1 Cyrus | 1 Imapd | 2026-04-16 | N/A |
| Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command. | ||||
| CVE-2000-0023 | 1 Lotus | 1 Domino Server | 2026-04-16 | N/A |
| Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL. | ||||
| CVE-1999-1372 | 1 Triactive | 1 Remote Management | 2026-04-16 | N/A |
| Triactive Remote Manager with Basic authentication enabled stores the username and password in cleartext in registry keys, which could allow local users to gain privileges. | ||||
| CVE-1999-0469 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client. | ||||
| CVE-2006-2501 | 1 Sun | 4 Java System Application Server, Java System Web Server, One Application Server and 1 more | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages. | ||||
| CVE-2006-2500 | 1 Xfairguy | 1 Codeavalanche News | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected behavior for administrators to be able to generate HTML, then this is not a vulnerability. | ||||
| CVE-2006-2190 | 1 Open Webmail | 1 Open Webmail | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863. | ||||
| CVE-2006-2195 | 1 Horde | 1 Horde | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php. | ||||