Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-0620 1 Iplanet 1 Calendar Server 2026-04-16 N/A
iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions.
CVE-2002-0023 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
CVE-2000-0103 1 Netsmart 1 Smartcart 2026-04-16 N/A
The SmartCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2000-0222 1 Microsoft 1 Windows 2000 2026-04-16 N/A
The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.
CVE-2000-0106 1 Easycart 1 Easycart 2026-04-16 N/A
The EasyCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2001-0634 1 Sun 1 Chilisoft 2026-04-16 N/A
Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service.
CVE-2000-0107 1 Debian 1 Debian Linux 2026-04-16 N/A
Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.
CVE-2000-0108 1 Intelligent Vending Systems 1 Intellivend 2026-04-16 N/A
The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2001-0642 1 Incredimail 1 Incredimail 2026-04-16 N/A
Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. (dot dot) sequences to filenames listed in the content.ini file.
CVE-2000-0110 1 Baron Consulting Group 1 Websitetool 2026-04-16 N/A
The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2001-0647 1 Orange Software 1 Orange Web Server 2026-04-16 N/A
Orange Web Server 2.1, based on GoAhead, allows a remote attacker to perform a denial of service via an HTTP GET request that does not include the HTTP version.
CVE-2001-0650 1 Cisco 1 Ios 2026-04-16 N/A
Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute.
CVE-2000-0114 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
CVE-2000-0118 2 Redhat, Sun 3 Linux, Solaris, Sunos 2026-04-16 N/A
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
CVE-2000-0120 1 Allaire 1 Spectra 2026-04-16 N/A
The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter.
CVE-2000-0124 1 Surfcontrol 1 Superscout 2026-04-16 N/A
surfCONTROL SuperScout does not properly asign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions.
CVE-2001-0652 1 Sun 1 Sunos 2026-04-16 N/A
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.
CVE-2000-0197 1 Microsoft 1 Windows Nt 2026-04-16 N/A
The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a Trojan horse batch file in place of the original batch file.
CVE-2002-0211 1 Tarantella 1 Tarantella Enterprise 2026-04-16 N/A
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.
CVE-2000-0199 1 Microsoft 1 Sql Server 2026-04-16 N/A
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.