Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1082 1 Sun 2 Solaris, Sunos 2025-04-03 N/A
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.
CVE-2004-0871 1 Mozilla 1 Mozilla 2025-04-03 N/A
Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
CVE-1999-0535 1 Microsoft 2 Windows 2000, Windows Nt 2025-04-03 N/A
A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
CVE-2003-1084 1 Tildeslash 1 Monit 2025-04-03 N/A
Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field.
CVE-2004-0880 3 Gentoo, Getmail, Slackware 3 Linux, Getmail, Slackware Linux 2025-04-03 N/A
getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.
CVE-2002-1316 1 Iplanet 1 Iplanet Web Server 2025-04-03 N/A
importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).
CVE-2003-1086 1 Pmachine 2 Pmachine Free, Pmachine Pro 2025-04-03 N/A
PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pm_path parameter to reference a URL on a remote web server that contains the code.
CVE-2004-2015 1 Webct 1 Webct 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via (1) iframe, (2) img, or (3) object tags.
CVE-1999-0715 1 Microsoft 2 Windows 2000, Windows Nt 2025-04-03 N/A
Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.
CVE-2004-2018 1 Francisco Burzi 1 Php-nuke 2025-04-03 N/A
PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code.
CVE-2003-1091 1 Apple 1 Quicktime Broadcaster 2025-04-03 N/A
Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files.
CVE-2005-0184 1 Squirrelmail 1 Vacation Plugin 2025-04-03 N/A
Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a .. (dot dot) in a get request.
CVE-2003-1092 1 Christos Zoulas 1 File 1 2025-04-03 N/A
Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.
CVE-2002-1420 1 Openbsd 1 Openbsd 2025-04-03 N/A
Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation.
CVE-2005-2382 1 Oray 1 Peanuthull 2025-04-03 N/A
Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM privileges when launched from the system tray, which allows local users to gain privileges by accessing the Help functionality.
CVE-2003-1094 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.
CVE-2004-2020 1 Francisco Burzi 1 Php-nuke 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php.
CVE-2004-2023 1 Zen Cart 1 Zen Cart 2025-04-03 N/A
SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters.
CVE-2005-0186 1 Cisco 1 Ios 2025-04-03 N/A
Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port.
CVE-2004-2025 1 Zen Cart 1 Zen Cart 2025-04-03 N/A
SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter.