Total
345230 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0172 | 1 Juan Cespedes | 1 Ltrace | 2026-04-16 | N/A |
| Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed. | ||||
| CVE-2000-0701 | 3 Conectiva, Gnu, Redhat | 3 Linux, Mailman, Linux | 2026-04-16 | N/A |
| The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges. | ||||
| CVE-2006-0805 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters. | ||||
| CVE-2000-0704 | 3 Freewnn, Omron, Wnn | 3 Freewnn, Worldview, Wnn4 | 2026-04-16 | N/A |
| Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands. | ||||
| CVE-2000-0708 | 1 Pragma Systems | 1 Telnetserver | 2026-04-16 | N/A |
| Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to the rexec port. | ||||
| CVE-2004-0177 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Linux | 2026-04-16 | N/A |
| The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device. | ||||
| CVE-2002-2153 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. | ||||
| CVE-2000-0720 | 1 Gwscripts | 1 Gwscripts News Publisher | 2026-04-16 | N/A |
| news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program. | ||||
| CVE-2000-0730 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges. | ||||
| CVE-2000-0734 | 2 Eeye Digital Security, Spynet | 2 Iris, Capturenet | 2026-04-16 | N/A |
| eEye IRIS 1.01 beta allows remote attackers to cause a denial of service via a large number of UDP connections. | ||||
| CVE-2000-0742 | 1 Microsoft | 2 Windows 95, Windows 98 | 2026-04-16 | N/A |
| The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability. | ||||
| CVE-2000-0743 | 1 University Of Minnesota | 1 Gopherd | 2026-04-16 | N/A |
| Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value. | ||||
| CVE-2002-2159 | 1 Linksys | 3 Befsr11, Befsr41, Befsru31 | 2026-04-16 | N/A |
| Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers to gain access. | ||||
| CVE-2000-0746 | 1 Microsoft | 3 Frontpage, Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities. | ||||
| CVE-2000-0748 | 1 Openldap | 1 Openldap | 2026-04-16 | N/A |
| OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse. | ||||
| CVE-2000-0753 | 1 Microsoft | 1 Outlook | 2026-04-16 | N/A |
| The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files. | ||||
| CVE-2002-2196 | 1 Samba | 1 Samba | 2026-04-16 | N/A |
| Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack. | ||||
| CVE-2002-2200 | 1 Benjamin Lefevre | 1 Dobermann Forum | 2026-04-16 | N/A |
| Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php. | ||||
| CVE-2002-2211 | 1 Isc | 1 Bind | 2026-04-16 | N/A |
| BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. | ||||
| CVE-2000-0776 | 1 Mediahouse Software | 1 Statistics Server Livestats | 2026-04-16 | N/A |
| Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request. | ||||