Export limit exceeded: 14069 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 12832 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12832 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2323 | 1 Sun | 1 Solaris Pc Netlink | 2026-04-16 | 7.5 High |
| Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions. | ||||
| CVE-2002-2279 | 1 Aldap | 1 Aldap | 2026-04-16 | N/A |
| Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions. | ||||
| CVE-2001-0781 | 1 Pi-soft | 1 Spoonftp | 2026-04-16 | N/A |
| Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST. | ||||
| CVE-2001-0195 | 1 Debian | 1 Debian Linux | 2026-04-16 | 7.8 High |
| sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking. | ||||
| CVE-2006-4244 | 1 Sql-ledger | 1 Sql-ledger | 2026-04-16 | N/A |
| SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value. | ||||
| CVE-2006-0416 | 1 Sleeperchat | 1 Sleeperchat | 2026-04-16 | N/A |
| SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php. | ||||
| CVE-2006-2224 | 2 Quagga, Redhat | 2 Quagga Routing Software Suite, Enterprise Linux | 2026-04-16 | N/A |
| RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets. | ||||
| CVE-1999-0366 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. | ||||
| CVE-2001-1515 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | 7.5 High |
| Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended. | ||||
| CVE-2001-1585 | 1 Openbsd | 1 Openssh | 2026-04-16 | N/A |
| SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file. | ||||
| CVE-2002-0563 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2026-04-16 | N/A |
| The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes. | ||||
| CVE-2003-1343 | 1 Trend Micro | 1 Scanmail | 2026-04-16 | N/A |
| Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3". | ||||
| CVE-2003-1433 | 1 Epic Games | 1 Unreal Engine | 2026-04-16 | N/A |
| Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times. | ||||
| CVE-2003-1434 | 1 Pete Werner | 1 Login Ldap | 2026-04-16 | N/A |
| login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password. | ||||
| CVE-2003-1442 | 1 Ericsson | 1 Hm220dp Adsl Modem | 2026-04-16 | N/A |
| The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side. | ||||
| CVE-2003-1475 | 1 Netbus | 1 Netbus | 2026-04-16 | N/A |
| Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access. | ||||
| CVE-2006-2636 | 1 Katy Whitton | 1 Newscmslite | 2026-04-16 | N/A |
| newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ". | ||||
| CVE-1999-0987 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name. | ||||
| CVE-2003-1489 | 1 Truegalerie | 1 Truegalerie | 2026-04-16 | N/A |
| upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery. | ||||
| CVE-2006-2380 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability." | ||||