Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0923 3 Apple, Easy Software Products, Redhat 4 Mac Os X, Mac Os X Server, Cups and 1 more 2025-04-03 N/A
CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.
CVE-2004-2066 1 Linpha 1 Linpha 2025-04-03 N/A
SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies.
CVE-2005-0220 1 Gallery Project 1 Gallery 2025-04-03 N/A
Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVE-2005-1242 1 Bsafe 1 Global Security 2025-04-03 N/A
Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
CVE-2003-1174 1 Nullsoft 1 Shoutcast Server 2025-04-03 N/A
Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL.
CVE-2004-0926 2 Apple, Easy Software Products 3 Mac Os X, Mac Os X Server, Cups 2025-04-03 N/A
Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image.
CVE-2003-1177 1 Atrium Software 1 Mercur Mailserver 2025-04-03 N/A
Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server.
CVE-2004-0927 2 Apple, Easy Software Products 3 Mac Os X, Mac Os X Server, Cups 2025-04-03 N/A
ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions.
CVE-2004-2070 1 Altiris 1 Client Service 2025-04-03 N/A
The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2005-1590.
CVE-2005-0222 1 Gallery Project 1 Gallery 2025-04-03 N/A
main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message.
CVE-2005-0785 1 Yabb 1 Yabb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2004-0928 2 Hitachi, Macromedia 4 Cosminexus Enterprise, Cosminexus Server, Coldfusion and 1 more 2025-04-03 N/A
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
CVE-2003-1178 1 Advanced Poll 1 Advanced Poll 2025-04-03 N/A
Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter.
CVE-2004-2073 1 Vserver 1 Linux-vserver 2025-04-03 N/A
Linux-VServer 1.24 allows local users with root privileges on a virtual server to gain access to the filesystem outside the virtual server via a modified chroot-again exploit using the chmod command.
CVE-2005-0787 1 Wine 1 Wine 2025-04-03 N/A
Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords.
CVE-2003-1180 1 Advanced Poll 1 Advanced Poll 2025-04-03 N/A
Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admin_tpl_new.php, (3) admin_tpl_misc_new.php, (4) admin_templates_misc.php, (5) admin_templates.php, (6) admin_stats.php, (7) admin_settings.php, (8) admin_preview.php, (9) admin_password.php, (10) admin_logout.php, (11) admin_license.php, (12) admin_help.php, (13) admin_embed.php, (14) admin_edit.php, or (15) admin_comment.php.
CVE-2004-0929 2 Libtiff, Suse 2 Libtiff, Suse Linux 2025-04-03 N/A
Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image.
CVE-2004-2080 1 Red-m 1 Red-alert 2025-04-03 N/A
Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple spaces in a Service Set Identifier (SSID) to a single space, which prevents Red-Alert from correctly identifying the SSID.
CVE-2003-1184 1 Thwboard 1 Thwboard 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other "Diverse XSS Bugs."
CVE-2004-2081 1 Karjasoft 1 Sami Ftp Server 2025-04-03 N/A
The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command with a tilde (~) character or dot dot (/../) or (2) a GET command for an unavailable file.