Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4958 1 Sun 1 Secure Global Desktop 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available.
CVE-2006-0754 1 Dotproject 1 Dotproject 2025-04-03 N/A
dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php
CVE-2006-0587 1 Gallery Project 1 Gallery 2025-04-03 N/A
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.
CVE-2005-1752 1 Gforge 1 Gforge 2025-04-03 N/A
viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter.
CVE-2006-4951 1 Neosys 1 Neon Webmail 2025-04-03 N/A
Neon WebMail for Java before 5.08 allows remote attackers to execute arbitrary Java (JSP) code by sending an e-mail message with a JSP file attachment, which is stored under the web root with a predictable filename.
CVE-2006-4488 1 Exbb 1 Exbb Italia 2025-04-03 N/A
PHP remote file inclusion vulnerability in modules/userstop/userstop.php in ExBB Italia 0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter.
CVE-2004-0635 4 Ethereal Group, Gentoo, Mandrakesoft and 1 more 5 Ethereal, Linux, Mandrake Linux and 2 more 2025-04-03 N/A
The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
CVE-2004-0633 4 Ethereal Group, Gentoo, Mandrakesoft and 1 more 5 Ethereal, Linux, Mandrake Linux and 2 more 2025-04-03 N/A
The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.
CVE-2004-0111 3 Gnome, Redhat, Sgi 6 Gdkpixbuf, Enterprise Linux, Gdk Pixbuf and 3 more 2025-04-03 N/A
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
CVE-2003-0548 2 Gnome, Redhat 5 Gdm, Enterprise Linux, Kdebase and 2 more 2025-04-03 N/A
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
CVE-2003-0447 1 Microsoft 1 Internet Explorer 2025-04-03 N/A
The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated.
CVE-2006-4950 1 Cisco 1 Ios 2025-04-03 N/A
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables.
CVE-2000-0681 1 Bea 1 Weblogic Server 2025-04-03 N/A
Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.
CVE-1999-1398 1 Sgi 1 Irix 2025-04-03 N/A
Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log log file, possibly via a symlink attack.
CVE-2006-4948 1 Prosysinfo 1 Tftp Server Tftpdwin 2025-04-03 N/A
Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2005-0873 1 Oracle 1 10g Reports Server 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter.
CVE-2006-4943 1 Moodle 1 Moodle 2025-04-03 N/A
course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.
CVE-2003-0380 1 Atftpd 1 Atftpd 2025-04-03 N/A
Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possibly later versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename.
CVE-2000-0052 3 Mandrakesoft, Redhat, Turbolinux 3 Mandrake Linux, Linux, Turbolinux 2025-04-03 N/A
Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.
CVE-2006-1596 1 Claroline 1 Claroline 2025-04-03 N/A
PHP remote file inclusion vulnerability in learnPath/include/scormExport.inc.php in Claroline 1.7.4 and earlier allows remote attackers to execute arbitrary PHP code via the includePath parameter.