Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1870 1 Sws 1 Sws Simple Web Server 2025-04-03 N/A
Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle when the recv function call fails, which may allow remote attackers to overwrite program data or perform actions on an uninitialized heap, leading to a denial of service and possibly code execution.
CVE-2004-0224 3 Double Precision Incorporated, Gentoo, Inter7 4 Courier Mta, Sqwebmail, Linux and 1 more 2025-04-03 N/A
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
CVE-2004-1370 1 Oracle 9 Application Server, Collaboration Suite, E-business Suite and 6 more 2025-04-03 N/A
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.
CVE-2005-1127 1 Postgrey 1 Postgrey 2025-04-03 N/A
Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.
CVE-2006-2278 1 Arabless 1 Saphplesson 2025-04-03 N/A
SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow parameter to (c) showcat.php; or the (3) rows parameter to index.php.
CVE-2002-1882 1 Oracle 1 E-business Suite 2025-04-03 N/A
Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors.
CVE-2006-2305 1 Jadu Limited 1 Jadu Cms 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow remote attackers to inject arbitrary web script or HTML via the (1) forename, (2) surname, (3) reg_email, (4) email_conf, (5) company, (6) city, (7) postcode, or (8) telephone parameters to site/scripts/register.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2311 1 New Atlanta Communications 2 Bluedragon Server, Bluedragon Server Jx 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page.
CVE-2003-0442 2 Php, Redhat 2 Php, Linux 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
CVE-2003-0549 2 Gnome, Redhat 5 Gdm, Enterprise Linux, Kdebase and 2 more 2025-04-03 N/A
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
CVE-2006-2339 1 Evo-dev 2 Evotopsites, Evotopsites Pro 2025-04-03 N/A
SQL injection vulnerability in index.php in evoTopsites 2.x and evoTopsites Pro 2.x allows remote attackers to execute arbitrary SQL commands via the (1) cat_id and (2) id parameters.
CVE-2002-1892 1 Netgear 1 Fvs318 2025-04-03 N/A
NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information.
CVE-2005-3471 1 Mailscanner 1 Mailscanner 2025-04-03 N/A
Directory traversal vulnerability in the ruleset view for MailWatch for MailScanner 1.0.2 allows remote attackers to access arbitrary files.
CVE-2001-0951 1 Microsoft 1 Windows 2000 2025-04-03 N/A
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.
CVE-2002-0366 1 Microsoft 3 Windows 2000, Windows Nt, Windows Xp 2025-04-03 N/A
Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.
CVE-1999-0679 1 Hybrid Network 1 Hybrid Ircd 2025-04-03 N/A
Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option.
CVE-2000-0362 1 Suse 1 Suse Linux 2025-04-03 N/A
Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges.
CVE-2001-0114 1 Omnicron 1 Omnihttpd 2025-04-03 N/A
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter.
CVE-2001-0550 3 David Madore, Redhat, Washington University 3 Ftpd-bsd, Linux, Wu-ftpd 2025-04-03 N/A
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
CVE-2001-1100 1 Spencer Miles 1 W3mail 2025-04-03 N/A
sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.