Total
29766 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-1015 | 1 Open Source Development Network | 1 Slashcode | 2025-04-03 | N/A |
| The default configuration of Slashcode before version 2.0 Alpha has a default administrative password, which allows remote attackers to gain Slashcode privileges and possibly execute arbitrary commands. | ||||
| CVE-2000-0173 | 1 Sco | 1 Unixware | 2025-04-03 | N/A |
| Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote attackers to cause a denial of service. | ||||
| CVE-2000-1035 | 1 Typsoft | 1 Typsoft | 2025-04-03 | N/A |
| Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER, PASS, or CWD command. | ||||
| CVE-2000-1037 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | N/A |
| Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack. | ||||
| CVE-2000-0191 | 1 Axis | 1 Storpoint Cd | 2025-04-03 | N/A |
| Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack. | ||||
| CVE-2000-1055 | 1 Cisco | 1 Secure Access Control Server | 2025-04-03 | N/A |
| Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet. | ||||
| CVE-2000-1068 | 1 Cgi-world | 2 Poll It, Poll It Pro | 2025-04-03 | N/A |
| pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter. | ||||
| CVE-2002-1909 | 1 Click2learn | 1 Ingenium Learning Management System | 2025-04-03 | N/A |
| Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the hashed administrative password in a config.txt file under the htdocs directory, which allows remote attackers to obtain the administrative password. | ||||
| CVE-2000-1076 | 2 Netscape, Sun | 2 Directory Server, Iplanet Certificate Management System | 2025-04-03 | N/A |
| Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server. | ||||
| CVE-2000-0202 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | N/A |
| Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. | ||||
| CVE-2005-2158 | 1 Jboss | 1 Jbpm | 2025-04-03 | N/A |
| A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary comands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845. | ||||
| CVE-2000-0765 | 1 Microsoft | 3 Excel, Powerpoint, Word | 2025-04-03 | N/A |
| Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability. | ||||
| CVE-2005-2190 | 1 Comersus Open Technologies | 1 Comersus Cart | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp. | ||||
| CVE-2005-2202 | 1 Xerox | 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2005-2237 | 1 Ibm | 1 Aix | 2025-04-03 | N/A |
| Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments. | ||||
| CVE-2006-2485 | 1 Quezza | 1 Quezza Bb | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in includes/class_template.php in Quezza 1.0 and earlier, and possibly 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the quezza_root_path parameter. | ||||
| CVE-2006-4878 | 1 David Bennett | 1 Php-post | 2025-04-03 | N/A |
| Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported to affect 1.0.1, and demonstrated for code execution by uploading and accessing an avatar file. | ||||
| CVE-2006-4481 | 1 Php | 1 Php | 2025-04-03 | N/A |
| The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017. | ||||
| CVE-2005-2250 | 1 Nokia | 1 Affix | 2025-04-03 | N/A |
| Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. | ||||
| CVE-2005-2292 | 1 Oracle | 1 Jdeveloper | 2025-04-03 | N/A |
| Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information. | ||||