Export limit exceeded: 345297 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345297 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2464 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display. | ||||
| CVE-1999-0442 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Solaris ff.core allows local users to modify files. | ||||
| CVE-1999-1365 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default. | ||||
| CVE-2006-2471 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault. | ||||
| CVE-2006-2472 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys. | ||||
| CVE-1999-0443 | 1 Bmc | 1 Patrol Agent | 2026-04-16 | N/A |
| Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password. | ||||
| CVE-2006-2473 | 1 Openwiki | 1 Openwiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this issue has been disputed by the vendor and a third party who is affiliated with the product. The vendor states "You cannot insert code in a wikipage or via URL parameters as they are all escaped before usage, so nothing can be compromised at other sites. | ||||
| CVE-2006-2480 | 2 Dia, Redhat | 2 Dia, Enterprise Linux | 2026-04-16 | N/A |
| Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms for input that are automatically processed by Dia, such as a crafted .dia file. | ||||
| CVE-2006-2488 | 1 Spymac | 1 Spymac Web Os | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (WOS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) del_folder, (2) nick, or (3) action parameters to (a) notes/index.php, (4) curr parameter to (b) ipod/get_ipod.php, and in (c) login.php. | ||||
| CVE-1999-0444 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2026-04-16 | N/A |
| Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files. | ||||
| CVE-1999-1367 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users. | ||||
| CVE-1999-1583 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Buffer overflow in nslookup for AIX 4.3 allows local users to execute arbitrary code via a long hostname command line argument. | ||||
| CVE-2006-2494 | 1 Lacaveprods | 1 Intellitamper | 2026-04-16 | N/A |
| Stack-based buffer overflow in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a crafted .map file. | ||||
| CVE-1999-0445 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters. | ||||
| CVE-1999-1368 | 1 Broadcom | 1 Inoculateit | 2026-04-16 | N/A |
| AV Option for MS Exchange Server option for InoculateIT 4.53, and possibly other versions, only scans the Inbox folder tree of a Microsoft Exchange server, which could allow viruses to escape detection if a user's rules cause the message to be moved to a different mailbox. | ||||
| CVE-1999-1590 | 1 Wwwcount | 1 Wwwcount | 2026-04-16 | N/A |
| Directory traversal vulnerability in Muhammad A. Muquit wwwcount (Count.cgi) 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerability than CVE-1999-0021. | ||||
| CVE-2006-2495 | 1 S9y | 1 Serendipity | 2026-04-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. | ||||
| CVE-2006-2496 | 1 Novell | 2 Edirectory, Imonitor | 2026-04-16 | N/A |
| Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. | ||||
| CVE-2006-2497 | 1 Aspbb | 1 Aspbb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp. | ||||
| CVE-1999-0446 | 1 Netbsd | 1 Netbsd | 2026-04-16 | N/A |
| Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS. | ||||