Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1829 1 Error Manager 1 Php-nuke Module 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pagetitle or (2) error parameters, or (3) certain parameters in the error log.
CVE-2002-0971 3 Att, Tightvnc, Tridia 3 Winvnc Server, Tightvnc, Tridiavnc 2025-04-03 N/A
Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.
CVE-2002-1397 2 Postgresql, Redhat 3 Postgresql, Enterprise Linux, Linux 2025-04-03 N/A
Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow.
CVE-2002-0973 1 Freebsd 1 Freebsd 2025-04-03 N/A
Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl.
CVE-2002-0974 1 Microsoft 1 Windows Xp 2025-04-03 N/A
Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm.
CVE-2001-1254 1 Com2001 1 Alexis Server 2025-04-03 N/A
Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.
CVE-2004-1836 1 Invision Power Services 1 Invision Power Top Site List 2025-04-03 N/A
SQL injection vulnerability in index.php in Invision Power Top Site List 1.1 RC 2 and earlier allows remote attackers to execute arbitrary SQL via the id parameter of the comments action.
CVE-2005-4203 1 Logisphere 1 Logisphere 2025-04-03 N/A
LogiSphere 0.9.9j does not restrict the number of messages that can be sent, which allows remote attackers to cause a denial of service by sending a large number of messages via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this description accurately reflects the discloser's claim and is distinct from the XSS issue.
CVE-2002-2003 1 Compaq 1 Tru64 2025-04-03 N/A
ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote attackers to cause the process to core dump via certain network packets generated by nmap.
CVE-2002-2007 1 Apache 1 Tomcat 2025-04-03 N/A
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
CVE-2002-2008 1 Apache 1 Tomcat 2025-04-03 N/A
Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
CVE-2002-2009 1 Apache 1 Tomcat 2025-04-03 N/A
Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
CVE-2002-2011 1 Jon Howell 1 Faq-o-matic 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the fom CGI program (fom.cgi) in Faq-O-Matic 2.711 and 2.712 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CVE-2002-2017 1 Sas 2 Base, Integration Technologies 2025-04-03 N/A
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.
CVE-2004-0090 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.
CVE-2004-1837 1 Joel Palmius 1 Mod Survey 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey fields or error messages for malformed query strings.
CVE-2005-4207 1 Btgrup 1 Admin Webcontroller Script 2025-04-03 N/A
SQL injection vulnerability in BTGrup Admin WebController Script allows remote attackers to execute SQL commands via the (1) Username and (2) Password fields.
CVE-2004-1839 1 Francisco Burzi 1 Php-nuke 2025-04-03 N/A
MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message.
CVE-2005-4218 1 Phpwebthings 1 Phpwebthings 2025-04-03 N/A
SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585.
CVE-2004-0935 11 Archive Zip, Broadcom, Ca and 8 more 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more 2025-04-03 N/A
Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.