Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1601 1 Coolphp 1 Coolphp Web Portal 2025-04-03 N/A
Directory traversal vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to access arbitrary files and execute local PHP scripts via a .. (dot dot) in the op parameter.
CVE-2003-0116 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 N/A
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution."
CVE-2005-4126 1 Realnetworks 1 Realplayer 2025-04-03 N/A
** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows attackers to execute arbitrary code. NOTE: the information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED.
CVE-2001-1142 1 Argosoft 1 Ftp Server 2025-04-03 N/A
ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges.
CVE-2001-1143 1 Ibm 1 Db2 Universal Database 2025-04-03 N/A
IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789.
CVE-2004-1676 1 Gadu-gadu 1 Gadu-gadu Instant Messenger 2025-04-03 N/A
Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message.
CVE-2004-1678 1 Logicnow 1 Perldesk 2025-04-03 N/A
Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.
CVE-2005-4155 1 Adaptive Technology Resource Centre 1 Atutor 2025-04-03 N/A
registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor.
CVE-2004-1690 1 Rhinosoft 1 Dns4me 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL.
CVE-2004-1697 1 Ca 1 Unicenter Management 2025-04-03 N/A
The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.
CVE-2005-2208 1 Privashare 1 Privashare 2025-04-03 N/A
PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message.
CVE-2005-4163 1 Milky 1 Captcha Php 2025-04-03 N/A
Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 allows remote attackers to read arbitrary files via the _tcf parameter.
CVE-2001-1165 1 Intego 2 Diskguard, Fileguard 2025-04-03 N/A
Intego FileGuard 4.0 uses weak encryption to store user information and passwords, which allows local users to gain privileges by decrypting the information, e.g., with the Disengage tool.
CVE-2001-1168 1 Phpmyexplorer 2 Phpmyexplorer Classic, Phpmyexplorer Multiuser 2025-04-03 N/A
Directory traversal vulnerability in index.php in PhpMyExplorer before 1.2.1 allows remote attackers to read arbitrary files via a ..%2F (modified dot dot) in the chemin parameter.
CVE-2004-1704 1 Wire Plastic Design 1 Wpquiz 2025-04-03 N/A
WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory.
CVE-2001-1169 1 Bell Communications Research 1 S Key 2025-04-03 N/A
keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo.
CVE-2003-0144 4 Bsd, Freebsd, Lprold and 1 more 4 Lpr, Freebsd, Lprold and 1 more 2025-04-03 N/A
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
CVE-2003-0151 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.
CVE-2006-4479 1 Visualshapers 1 Ezcontents 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Shapers ezContents 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the subgroupname parameter.
CVE-2003-0162 1 Ecartis 1 Ecartis 2025-04-03 N/A
Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page.