Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1158 1 Plug And Play Software 1 Plug And Play Web Server 2025-04-03 N/A
Multiple buffer overflows in the FTP service in Plug and Play Web Server 1.0002c allow remote attackers to cause a denial of service (crash) via long (1) dir, (2) ls, (3) delete, (4) mkdir, (5) DELE, (6) RMD, or (7) MKD commands.
CVE-2004-2052 1 Esesix 1 Thintune 2025-04-03 N/A
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing.
CVE-2003-1160 1 Seyeon 1 Flexwatch Network Video Server 2025-04-03 N/A
FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//).
CVE-2004-2055 1 Phpbb Group 1 Phpbb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter.
CVE-2005-0780 1 Php Arena 1 Pafiledb 2025-04-03 N/A
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error message.
CVE-2003-1161 1 Linux 1 Linux Kernel 2025-04-03 N/A
exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function.
CVE-2004-2059 1 Xlinesoft 1 Asprunner 2025-04-03 N/A
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.
CVE-2004-0915 2 Debian, Viewcvs 2 Debian Linux, Viewcvs 2025-04-03 N/A
Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information.
CVE-2003-1167 1 Gernot Stocker 1 Kpopup 2025-04-03 N/A
misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.
CVE-2003-1168 1 Http Commander 1 Http Commander 2025-04-03 N/A
HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a . (dot) in the file parameter, which reveals the installation path in an error message.
CVE-2004-2064 1 Verylost 1 Lostbook 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields.
CVE-2005-0214 1 Alexander Palmo 1 Simple Php Blog 2025-04-03 N/A
Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter.
CVE-2004-0917 1 Vignette 1 Application Portal 2025-04-03 N/A
The default installation of Vignette Application Portal installs the diagnostic utility without authentication requirements, which allows remote attackers to gain sensitive information, such as server and OS version, and conduct unauthorized activities via an HTTP request to /diag.
CVE-2003-1170 1 Gernot Stocker 1 Kpopup 2025-04-03 N/A
Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments.
CVE-2004-0921 1 Apple 3 Mac Os X, Mac Os X Server, Quicktime 2025-04-03 N/A
AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts" via modified SessionDestroy packets.
CVE-2003-1173 1 Centrinity 1 Centrinity Firstclass 2025-04-03 N/A
Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory.
CVE-2004-0923 3 Apple, Easy Software Products, Redhat 4 Mac Os X, Mac Os X Server, Cups and 1 more 2025-04-03 N/A
CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.
CVE-2004-2066 1 Linpha 1 Linpha 2025-04-03 N/A
SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies.
CVE-2005-0220 1 Gallery Project 1 Gallery 2025-04-03 N/A
Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVE-2005-1242 1 Bsafe 1 Global Security 2025-04-03 N/A
Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.