Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0100 2 Gnu, Redhat 3 Emacs, Xemacs, Enterprise Linux 2025-04-03 N/A
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
CVE-2005-3346 1 Osh 1 Osh 2025-04-03 N/A
Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call.
CVE-2005-3963 1 Dotclear 1 Dotclear 2025-04-03 N/A
SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie.
CVE-2006-1108 1 Nmdeluxe 1 Nmdeluxe 2025-04-03 N/A
SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-3308 1 Zomplog 1 Zomplog 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) comment parameter in detail.php, (3) the username parameter in get.php, and (4) the search parameter in index.php.
CVE-2006-3266 1 Magnet 1 Bee-hive Lite 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) header parameter to (a) conad/include/rootGui.inc.php and (b) include/rootGui.inc.php; (2) mysqlCall parameter to (c) conad/changeEmail.inc.php, (d) conad/changeUserDetails.inc.php, (e) conad/checkPasswd.inc.php, (f) conad/login.inc.php and (g) conad/logout.inc.php; (3) mysqlcall parameter to (h) include/listall.inc.php; (4) prefix parameter to (i) show/index.php; and (5) config parameter to (j) conad/include/mysqlCall.inc.php.
CVE-2001-0911 2 Francisco Burzi, Postnuke Software Foundation 2 Php-nuke, Postnuke 2025-04-03 N/A
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.
CVE-2002-0972 2 Postgresql, Redhat 3 Postgresql, Enterprise Linux, Linux 2025-04-03 N/A
Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad.
CVE-2005-3351 2 Apache, Redhat 2 Spamassassin, Enterprise Linux 2025-04-03 N/A
SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.
CVE-2001-0269 1 Sun 1 Sunos 2025-04-03 N/A
pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password.
CVE-2002-0991 1 Hp 1 Cifs-9000 Server 2025-04-03 N/A
Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allows local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5) -N, or (6) -u parameters.
CVE-2001-0913 1 Network Solutions 1 Rwhoisd 2025-04-03 N/A
Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and earlier, when using syslog, allows remote attackers to corrupt memory and possibly execute arbitrary code via a rwhois request that contains format specifiers.
CVE-2000-0799 1 Sgi 1 Irix 2025-04-03 N/A
inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.
CVE-2001-0920 1 Patrick Schemitz 1 Autonice Daemon 2025-04-03 N/A
Format string vulnerability in auto nice daemon (AND) 1.0.4 and earlier allows a local user to possibly execute arbitrary code via a process name containing a format string.
CVE-2005-0142 2 Mozilla, Redhat 4 Firefox, Mozilla, Thunderbird and 1 more 2025-04-03 N/A
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.
CVE-2001-1211 1 Ipswitch 1 Imail 2025-04-03 N/A
Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain.
CVE-2001-1252 1 Pgp 1 Keyserver 2025-04-03 N/A
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.
CVE-2001-0929 1 Cisco 1 Ios 2025-04-03 N/A
Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists.
CVE-2005-0144 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2025-04-03 N/A
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
CVE-2000-0146 1 Novell 1 Groupwise 2025-04-03 N/A
The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet.