Total
29944 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-1414 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root. | ||||
| CVE-2001-1415 | 1 Openbsd | 1 Openbsd | 2026-04-16 | N/A |
| vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes. | ||||
| CVE-2005-2814 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php. | ||||
| CVE-2001-1413 | 2 Ncompress, Redhat | 2 Ncompress, Enterprise Linux | 2026-04-16 | N/A |
| Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument. | ||||
| CVE-2001-1412 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument. | ||||
| CVE-2005-2448 | 2 Ekg, Redhat | 2 Ekg, Enterprise Linux | 2026-04-16 | N/A |
| Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow remote attackers to cause a denial of service (invalid behavior in applications) on big-endian systems. | ||||
| CVE-2001-1426 | 1 Alcatel | 1 Speed Touch Home | 2026-04-16 | N/A |
| Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device's configurations. | ||||
| CVE-2005-2462 | 1 Kayako | 1 Liveresponse | 2026-04-16 | N/A |
| Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges. | ||||
| CVE-2001-1462 | 1 Rsa | 1 Securid | 2026-04-16 | N/A |
| WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information. | ||||
| CVE-2005-2820 | 1 Inter7 | 1 Sqwebmail | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]". | ||||
| CVE-2001-1461 | 1 Rsa | 1 Securid | 2026-04-16 | N/A |
| Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences. | ||||
| CVE-2001-1464 | 1 Businessobjects | 1 Crystal Reports | 2026-04-16 | N/A |
| Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords. | ||||
| CVE-1999-1084 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| The "AEDebug" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash. | ||||
| CVE-2001-1500 | 1 Proftpd Project | 1 Proftpd | 2026-04-16 | N/A |
| ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged. | ||||
| CVE-2005-2467 | 1 Mysql | 1 Eventum | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php. | ||||
| CVE-2005-3596 | 1 Iisworks | 1 Aspknowledgebase | 2026-04-16 | N/A |
| SQL injection vulnerability in ASPKnowledgebase allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password fields in adminlogin.asp. | ||||
| CVE-2001-1508 | 1 Sco | 1 Openserver | 2026-04-16 | N/A |
| Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows local users to execute arbitrary code as group bin via a long command line argument. | ||||
| CVE-2006-3154 | 1 Thinkfactory | 1 Ultimate Estate | 2026-04-16 | N/A |
| SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-1999-1207 | 1 Network General | 1 Netxray | 2026-04-16 | N/A |
| Buffer overflow in web-admin tool in NetXRay 2.6 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request. | ||||
| CVE-2005-2843 | 1 Helpdesk Software | 1 Hesk | 2026-04-16 | N/A |
| Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php. | ||||