Search Results (26438 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1617 1 University Of Kansas 1 Lynx 2026-04-16 N/A
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
CVE-2004-1602 1 Proftpd 1 Proftpd 2026-04-16 N/A
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
CVE-2002-2349 1 Phpbb 1 Phpbbmod 2026-04-16 N/A
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information.
CVE-2000-0876 1 Texas Imperial Software 2 Wftpd, Wftpd Pro 2026-04-16 N/A
WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.
CVE-2006-0203 1 Mini-nuke 1 Cms System 2026-04-16 N/A
membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not verify the old password when changing a password, which allows remote attackers to change the passwords of other members via a lostpassnew action with a modified x parameter.
CVE-1999-0867 1 Microsoft 3 Commercial Internet System, Internet Information Server, Site Server 2026-04-16 N/A
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
CVE-2002-2342 1 Joe Depasquale 1 Bannermatic 2026-04-16 N/A
Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files.
CVE-2002-2338 2 Mozilla, Netscape 3 Mozilla, Communicator, Navigator 2026-04-16 N/A
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
CVE-2002-2329 1 Mirabilis 1 Icq 2026-04-16 N/A
ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons.
CVE-2002-2328 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request.
CVE-2002-2325 1 University Of Washington 1 Pine 2026-04-16 N/A
The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field.
CVE-2002-2322 1 Ultimate Php Board 1 Ultimate Php Board 2026-04-16 N/A
Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords.
CVE-2002-2317 1 Symantec 1 Velociraptor 2026-04-16 N/A
Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method.
CVE-2004-0276 1 Monkey-project 1 Monkey 2026-04-16 N/A
The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field.
CVE-2002-1874 1 Astrocam 1 Astrocam 2026-04-16 N/A
astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect.
CVE-2005-3398 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
CVE-2000-0649 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
CVE-1999-0059 1 Sgi 1 Irix 2026-04-16 7.3 High
IRIX fam service allows an attacker to obtain a list of all files on the server.
CVE-2000-0258 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
CVE-1999-0001 3 Bsdi, Freebsd, Openbsd 3 Bsd Os, Freebsd, Openbsd 2026-04-16 N/A
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.