Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4989 1 Patrick Michaelis 1 Wili-cms 2026-04-16 N/A
Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive information via a direct request for (1) thumbnail.php, (2) functions/admin/all.php, (3) functions/admin/init_session.php, (4) functions/all.php, and (5) certain files in example-view/admin_templates/, which reveals the path in various error messages.
CVE-1999-1279 1 Microsoft 1 Sna Server 2026-04-16 N/A
An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU.
CVE-2000-0776 1 Mediahouse Software 1 Statistics Server Livestats 2026-04-16 N/A
Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request.
CVE-2002-0459 1 Linux-sottises 2 Board-tnk, News-tnk 2026-04-16 N/A
Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
CVE-2002-0473 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.
CVE-2000-0856 1 Xs4all Data 1 Xs4all Data Sunftp 2026-04-16 N/A
Buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request.
CVE-2000-0857 1 Sebastian Kienzl 1 Muh 2026-04-16 N/A
The logging capability in muh 2.05d IRC server does not properly cleanse user-injected format strings, which allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed nickname.
CVE-2000-0862 1 Allaire 1 Spectra 2026-04-16 N/A
Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information.
CVE-2002-0483 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.
CVE-2000-0913 1 Apache 1 Http Server 2026-04-16 N/A
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
CVE-2000-0914 1 Openbsd 1 Openbsd 2026-04-16 N/A
OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.
CVE-2001-1053 1 Adcycle 1 Adcycle 2026-04-16 N/A
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.
CVE-2002-0491 1 Alguest 1 Alguest 2026-04-16 N/A
admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value.
CVE-2000-0925 1 Smartwin Technology 1 Cyberoffice Shopping Cart 2026-04-16 N/A
The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information.
CVE-2002-0494 1 Websight Directory System 1 Websight Directory System 2026-04-16 N/A
Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.
CVE-2002-0553 1 Turnkey Solutions 1 Sunshop Shopping Cart 2026-04-16 N/A
Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration.
CVE-2000-1019 1 Inktomi 1 Search Software 2026-04-16 N/A
Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows remote attackers to cause a denial of service via a malformed URL.
CVE-2002-0554 1 Ibm 1 Informix Web Datablade 2026-04-16 N/A
webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request.
CVE-2000-1021 1 Alt-n 1 Mdaemon 2026-04-16 N/A
Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.
CVE-2000-1022 1 Cisco 1 Pix Firewall Software 2026-04-16 N/A
The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands.