Search Results (363169 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0421 1 Slackware 1 Slackware Linux 2026-04-16 N/A
During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password.
CVE-1999-1037 1 Coast 1 Satan 2026-04-16 N/A
rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file.
CVE-2004-1963 1 Freshmeat 1 Network Query Tool 2026-04-16 N/A
nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to obtain sensitive information via a string in the portNum parameter, which reveals the full path in an error message.
CVE-1999-0429 1 Ibm 1 Lotus Notes 2026-04-16 N/A
The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.
CVE-2006-4332 1 Wireshark 1 Wireshark 2026-04-16 N/A
Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib.
CVE-2004-1967 1 Openbb 1 Openbb 2026-04-16 8.8 High
Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link.
CVE-2005-4709 1 Jboss 1 Enterprise Java Beans 2026-04-16 N/A
The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread.
CVE-1999-1071 1 Excite 1 Ews 2026-04-16 N/A
Excite for Web Servers (EWS) 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file.
CVE-2004-1968 1 Openbb 1 Openbb 2026-04-16 N/A
The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to read arbitrary messages by modifying the id parameter.
CVE-1999-0434 5 Caldera, Debian, Netbsd and 2 more 5 Openlinux, Debian Linux, Netbsd and 2 more 2026-04-16 N/A
XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
CVE-1999-0437 1 Ramp Networks 1 Webramp 2026-04-16 N/A
Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port.
CVE-2004-1969 1 Openbb 1 Openbb 2026-04-16 N/A
The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript.
CVE-1999-0441 1 Qbik 1 Wingate 2026-04-16 N/A
Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service.
CVE-2004-1970 1 Securecomputing 1 Smartether Ss6215s Switch 2026-04-16 N/A
Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message.
CVE-1999-1106 1 Kde 1 Kde 2026-04-16 N/A
Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument.
CVE-2000-1081 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-2004-1971 1 Oscar Fafian 1 Video Gallery 2026-04-16 N/A
modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message.
CVE-1999-0446 1 Netbsd 1 Netbsd 2026-04-16 N/A
Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS.
CVE-2004-1972 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action.
CVE-2004-1973 1 Digi 1 Www Server 2026-04-16 N/A
DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \ (backslash) characters.