Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0777 1 Microsoft 2 Commercial Internet System, Internet Information Server 2025-04-03 N/A
IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.
CVE-2000-0219 1 Redhat 1 Linux 2025-04-03 N/A
Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt.
CVE-2003-1383 1 Logicworks 1 Web Erp 2025-04-03 N/A
WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.
CVE-2005-3567 1 Ibm 1 Tivoli Directory Server 2025-04-03 N/A
slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 binds using SASL EXTERNAL, which allows attackers to bypass authentication and modify and delete directory data via unknown attack vectors.
CVE-2004-1029 5 Conectiva, Gentoo, Hp and 2 more 8 Linux, Linux, Hp-ux and 5 more 2025-04-03 N/A
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
CVE-1999-0344 1 Microsoft 1 Windows Nt 2025-04-03 N/A
NT users can gain debug-level access on a system process using the Sechole exploit.
CVE-2006-3561 1 Bt 1 Voyager 2091 Wireless Adsl Router 2025-04-03 N/A
BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c.
CVE-2002-2356 1 Hamweather 1 Hamweather 2025-04-03 N/A
HAMweather 2.x allows remote attackers to modify administrative settings and obtain sensitive information via a direct request to hwadmin.cgi.
CVE-2006-1524 1 Linux 1 Linux Kernel 2025-04-03 N/A
madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071.
CVE-2003-1378 1 Microsoft 2 Outlook, Outlook Express 2025-04-03 N/A
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
CVE-2006-4475 1 Joomla 1 Joomla 2025-04-03 N/A
Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors.
CVE-2006-4476 1 Joomla 1 Joomla 2025-04-03 N/A
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL.
CVE-2005-0970 1 Apple 1 Mac Os X 2025-04-03 N/A
Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts.
CVE-2004-2729 1 Hummingbird 1 Connectivity 2025-04-03 N/A
Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 allows local users to execute arbitrary code by changing the program for handling incoming connections.
CVE-2006-2112 2 Dell, Fuji Xerox 19 3000cn, 3010cn, 3100cn and 16 more 2025-04-03 N/A
Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted.
CVE-1999-0496 1 Microsoft 1 Windows Nt 2025-04-03 N/A
A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.
CVE-2003-1552 1 Graeme 1 Uploader 2025-04-03 N/A
Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.
CVE-2006-1726 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2025-04-03 N/A
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.
CVE-2003-0857 1 Redhat 1 Enterprise Linux 2025-04-03 N/A
The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
CVE-2005-3058 1 Fortinet 2 Fortigate, Fortios 2025-04-03 N/A
Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616.