Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 34736 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 16295 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-1050 | 1 Matt Wright | 1 Formhandler.cgi | 2025-04-03 | N/A |
| Directory traversal vulnerability in Matt Wright FormHandler.cgi script allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the reply_message_attach attachment parameter, or (2) by specifying the filename as a template. | ||||
| CVE-1999-1426 | 1 Sun | 1 Solstice Adminsuite | 2025-04-03 | N/A |
| Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files. | ||||
| CVE-1999-1052 | 1 Microsoft | 1 Frontpage | 2025-04-03 | N/A |
| Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users. | ||||
| CVE-2005-4497 | 1 Tangora | 1 Tangora Portal Cms | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter in a search page, as demonstrated using (1) page1631.aspx and (2) page496.aspx. | ||||
| CVE-1999-1059 | 1 Att | 1 Svr4 | 2025-04-03 | N/A |
| Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands. | ||||
| CVE-1999-1065 | 1 Palm Pilot | 1 Hotsync Manager | 2025-04-03 | N/A |
| Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 14238 while the manager is in network mode. | ||||
| CVE-1999-1074 | 1 Webmin | 1 Webmin | 2025-04-03 | N/A |
| Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking. | ||||
| CVE-1999-1080 | 1 Sun | 1 Sunos | 2025-04-03 | N/A |
| rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf. | ||||
| CVE-1999-1085 | 1 Ssh | 1 Secure Shell | 2025-04-03 | N/A |
| SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack." | ||||
| CVE-1999-1086 | 1 Novell | 1 Netware | 2025-04-03 | N/A |
| Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC fragmented packets that make NetWare Core Protocol (NCP) calls. | ||||
| CVE-1999-1090 | 1 Ncsa | 1 Telnet | 2025-04-03 | N/A |
| The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files. | ||||
| CVE-1999-1470 | 1 Eastman Software | 1 Work Management | 2025-04-03 | N/A |
| Eastman Work Management 3.21 stores passwords in cleartext in the COMMON and LOCATOR registry keys, which could allow local users to gain privileges. | ||||
| CVE-1999-1100 | 1 Cisco | 1 Pix Private Link | 2025-04-03 | N/A |
| Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack. | ||||
| CVE-2006-2944 | 1 Cgi-rescue | 1 Form2mail | 2025-04-03 | N/A |
| Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. | ||||
| CVE-1999-1109 | 1 Sendmail | 1 Sendmail | 2025-04-03 | N/A |
| Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated. | ||||
| CVE-1999-1111 | 1 Immunix | 1 Stackguard | 2025-04-03 | N/A |
| Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself. | ||||
| CVE-1999-1119 | 1 Ibm | 1 Aix | 2025-04-03 | N/A |
| FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands. | ||||
| CVE-2006-2953 | 1 Primoris Software | 1 Officeflow | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter. | ||||
| CVE-1999-1121 | 1 Ibm | 1 Aix | 2025-04-03 | N/A |
| The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges. | ||||
| CVE-1999-1126 | 1 Cisco | 1 Resource Manager | 2025-04-03 | N/A |
| Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_". | ||||