Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0084 2 Mod Auth Any, Redhat 3 Mod Auth Any, Enterprise Linux, Linux 2025-04-03 N/A
mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.
CVE-2005-1053 1 Moderngigabyte 1 Modernbill 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters.
CVE-2003-0091 1 Sun 2 Solaris, Sunos 2025-04-03 N/A
Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.
CVE-2004-0470 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.
CVE-2006-4370 1 Alt-n 1 Webadmin 2025-04-03 N/A
Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file.
CVE-2006-4372 1 Constructor Component 1 Constructor Component 2025-04-03 N/A
PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter.
CVE-2003-0092 1 Sun 2 Solaris, Sunos 2025-04-03 N/A
Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.
CVE-2003-0094 1 Andries Brouwer 1 Util-linux 2025-04-03 N/A
A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed.
CVE-2004-0471 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
CVE-2006-4381 1 Apple 1 Quicktime 2025-04-03 N/A
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie.
CVE-2005-0424 1 Aspjar 1 Aspjar Guestbook 2025-04-03 N/A
Unknown vulnerability in the delete.asp program in certain versions of ASPjar Guestbook allows remote attackers to delete messages. NOTE: there is insufficient information to know if this is the same issue as CVE-2002-1730.
CVE-2004-1202 1 Phpcms 1 Phpcms 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CVE-2003-0098 2 Apcupsd, Debian 2 Apcupsd, Debian Linux 2025-04-03 N/A
Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.
CVE-2004-1205 1 Pntresmailer 1 Pntresmailer 2025-04-03 N/A
codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via an invalid filetohighlight parameter, which reveals the full path in an error message.
CVE-2003-0101 3 Engardelinux, Usermin, Webmin 3 Guardian Digital Webtool, Usermin, Webmin 2025-04-03 N/A
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
CVE-2003-0103 1 Nokia 1 6210 Handset 2025-04-03 N/A
Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers.
CVE-2005-0744 1 Novell 1 Ichain 2025-04-03 N/A
The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser.
CVE-2003-0104 1 Peoplesoft 1 Peopletools 2025-04-03 N/A
Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet.
CVE-2006-4719 1 Myabracadaweb 1 Myabracadaweb 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1.0.3, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) index.php or (2) pop.php.
CVE-2004-0475 1 Microsoft 1 Ie 2025-04-03 N/A
The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041.