Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0106 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.
CVE-2002-1684 2 Deerfield, Working Resources Inc. 2 D2gfx, Badblue 2025-04-03 N/A
Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the script used to read Microsoft Office documents.
CVE-2003-0064 4 Hp, Ibm, Sgi and 1 more 5 Hp-ux, Aix, Irix and 2 more 2025-04-03 N/A
The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
CVE-2002-0108 1 Allaire 1 Forums 2025-04-03 N/A
Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address.
CVE-2002-1689 1 Ibm 1 Aix 2025-04-03 N/A
Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possibly triggering a buffer overflow.
CVE-2002-0109 1 Linksys 3 Befn2ps4, Befsr41, Befsr81 2025-04-03 N/A
Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the router to change its configuration and send SNMP trap information back to the system that initiated the query.
CVE-2000-0593 1 Sapporoworks 1 Sapporoworks Winproxy 2025-04-03 N/A
WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of service by sending an HTTP GET request without listing an HTTP version number.
CVE-2005-4590 1 Spb 1 Kiosk Engine 2025-04-03 N/A
Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on allowed applications via (1) removable media containing a program that will execute because of the autorun setting and (2) applications that are able to invoke other applications, as demonstrated by a file: URL specifying a .exe file.
CVE-2006-3506 1 Apple 3 Mac Os X, Mac Os X Server, Xsan 2025-04-03 N/A
Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to "processing a path name."
CVE-1999-0830 1 Sco 1 Unixware 2025-04-03 N/A
Buffer overflow in SCO UnixWare Xsco command via a long argument.
CVE-2004-2167 1 Latex2rtf 1 Latex2rtf 2025-04-03 N/A
Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand.
CVE-2005-4591 1 Bogofilter 1 Email Filter 2025-04-03 N/A
Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "invalid input sequences" that lead to heap corruption when bogofilter or bogolexer converts character sets.
CVE-2002-0110 1 Nevrona Designs 1 Miramail 2025-04-03 N/A
Nevrona Designs MiraMail 1.04 and earlier stores authentication information such as POP usernames and passwords in plaintext in a .ini file, which allows an attacker to gain privileges by reading the passwords from the file.
CVE-2002-0066 2 Bindview, Funk Software 2 Netrc, Funk Software Proxy 2025-04-03 N/A
Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges.
CVE-2005-4608 1 Incogen 1 Bugport 2025-04-03 N/A
SQL injection vulnerability in index.php in BugPort 1.147 allows remote attackers to execute arbitrary SQL commands via the (1) devWherePair[0], (2) orderBy, and (3) where parameters.
CVE-2006-3524 1 Sipfoundry 1 Sipxtapi 2025-04-03 N/A
Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message.
CVE-2002-0113 1 Emc 1 Networker 2025-04-03 N/A
EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.
CVE-2000-0596 1 Microsoft 1 Internet Explorer 2025-04-03 N/A
Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability.
CVE-2004-2187 1 Mediawiki 1 Mediawiki 2025-04-03 N/A
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.
CVE-2000-0597 1 Microsoft 2 Excel, Powerpoint 2025-04-03 N/A
Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.