Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1631 1 Openwfe 1 Work Flow Engine 2025-04-03 N/A
Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to conduct port scans of remote hosts by specifying the target in an rmi:// Worklist URL, then using the response times to infer the results.
CVE-2006-4765 1 Netgear 1 Dg834gt 2025-04-03 N/A
NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window.
CVE-2004-0533 1 Businessobjects 2 Infoview, Webintelligence 2025-04-03 N/A
Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.
CVE-2004-1632 1 Moniwiki 1 Moniwiki 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the arguments to wiki.php.
CVE-2005-0639 3 Altlinux, Suse, Xli 3 Alt Linux, Suse Linux, Xli 2025-04-03 N/A
Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.
CVE-2004-1633 1 Mozilla 1 Bugzilla 2025-04-03 N/A
process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter.
CVE-2006-4772 1 Hotplug Cms 1 Hotplug Cms 2025-04-03 N/A
HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc.
CVE-2004-0534 1 Businessobjects 2 Infoview, Webintelligence 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.
CVE-2004-1634 1 Mozilla 1 Bugzilla 2025-04-03 N/A
show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information.
CVE-2005-0641 1 Broadcom 1 Unicenter Asset Management 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template.
CVE-2003-0388 2 Andrew Morgan, Redhat 2 Linux Pam, Enterprise Linux 2025-04-03 N/A
pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.
CVE-2006-4784 1 Moodle 1 Moodle 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php.
CVE-2006-4789 1 Open Movie Editor 1 Open Movie Editor 2025-04-03 N/A
Buffer overflow in Open Movie Editor 0.0.20060901 allows local users to cause a denial of service (system crash) or execute arbitrary code via a long project name in an open_movie_editor_project XML tag.
CVE-2003-0389 1 Rsa 1 Ace Agent 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script.
CVE-2004-0536 2 Redhat, Tripwire 2 Enterprise Linux, Tripwire 2025-04-03 N/A
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.
CVE-2003-0390 1 James Theiler 1 Opt 2025-04-03 N/A
Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi.
CVE-2003-0393 1 Privacyware 1 Privatefirewall 2025-04-03 N/A
Privacyware Privatefirewall 3.0 does not block certain incoming packets when in "Filter Internet Traffic" or Deny Internet Traffic" modes, which allows remote attackers to identify running services via FIN scans or Xmas scans.
CVE-2004-0538 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user.
CVE-2003-0397 1 Sharman Networks 1 Kazaa 2025-04-03 N/A
Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 and possibly other versions and products, allows remote attackers to execute arbitrary code via a packet containing a large list of supernodes, aka "Packet 0' death."
CVE-2004-0539 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code.