Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-0236 1 Sun 2 Solaris, Sunos 2025-04-03 N/A
Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event.
CVE-2004-1633 1 Mozilla 1 Bugzilla 2025-04-03 N/A
process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter.
CVE-2006-4772 1 Hotplug Cms 1 Hotplug Cms 2025-04-03 N/A
HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc.
CVE-2004-0534 1 Businessobjects 2 Infoview, Webintelligence 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.
CVE-2004-1634 1 Mozilla 1 Bugzilla 2025-04-03 N/A
show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information.
CVE-2005-0641 1 Broadcom 1 Unicenter Asset Management 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template.
CVE-2003-0388 2 Andrew Morgan, Redhat 2 Linux Pam, Enterprise Linux 2025-04-03 N/A
pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.
CVE-2006-4784 1 Moodle 1 Moodle 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php.
CVE-2006-4789 1 Open Movie Editor 1 Open Movie Editor 2025-04-03 N/A
Buffer overflow in Open Movie Editor 0.0.20060901 allows local users to cause a denial of service (system crash) or execute arbitrary code via a long project name in an open_movie_editor_project XML tag.
CVE-2003-0389 1 Rsa 1 Ace Agent 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script.
CVE-2004-0536 2 Redhat, Tripwire 2 Enterprise Linux, Tripwire 2025-04-03 N/A
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.
CVE-2003-0390 1 James Theiler 1 Opt 2025-04-03 N/A
Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi.
CVE-2003-0393 1 Privacyware 1 Privatefirewall 2025-04-03 N/A
Privacyware Privatefirewall 3.0 does not block certain incoming packets when in "Filter Internet Traffic" or Deny Internet Traffic" modes, which allows remote attackers to identify running services via FIN scans or Xmas scans.
CVE-2004-0538 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user.
CVE-2003-0397 1 Sharman Networks 1 Kazaa 2025-04-03 N/A
Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 and possibly other versions and products, allows remote attackers to execute arbitrary code via a packet containing a large list of supernodes, aka "Packet 0' death."
CVE-2004-0539 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code.
CVE-2003-0398 1 Vignette 3 Content Suite, Storyserver, Vignette 2025-04-03 N/A
Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed.
CVE-2004-1639 1 Mozilla 3 Firefox, Gecko, Mozilla 2025-04-03 N/A
Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.
CVE-2006-4794 1 E107 1 E107 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2003-0399 1 Vignette 3 Content Suite, Storyserver, Vignette 2025-04-03 N/A
Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template.