Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1315 1 Iplanet 1 Iplanet Web Server 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316).
CVE-2002-1245 1 Frank Mcingvale 1 Luxman 2025-04-03 N/A
Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program.
CVE-2002-1239 1 Qnx 1 Rtos 2025-04-03 N/A
QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program.
CVE-2006-4485 2 Php, Redhat 2 Php, Rhel Application Stack 2025-04-03 N/A
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read.
CVE-2006-4162 1 Cpg-nuke 1 Dragonfly Cms 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field.
CVE-2006-4156 1 Pearlabs 1 Mafia Moblog 2025-04-03 N/A
PHP remote file inclusion vulnerability in big.php in pearlabs mafia moblog 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtotemplate parameter. NOTE: a third party claims that the researcher is incorrect, because template.php defines pathtotemplate before big.php uses pathtotemplate. CVE has not verified either claim, but during August 2006, the original researcher made several significant errors regarding this bug type
CVE-2006-4023 1 Php 1 Php 2025-04-03 N/A
The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner.
CVE-2005-3259 1 Versatilebulletinboard 1 Versatilebulletinboard 2025-04-03 N/A
Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) login field, (2) "search this thread" feature, (3) "search for posts" feature, (4) "forgot password" feature, (5) list parameter in userlistpre.php, and the (6) select, (7) categ, and (8) to parameters in index.php.
CVE-2005-3177 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-03 N/A
CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
CVE-2005-3172 1 Microsoft 1 Windows 2000 2025-04-03 N/A
The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
CVE-1999-0155 1 Aladdin Enterprises 1 Ghostscript 2025-04-03 N/A
The ghostscript command with the -dSAFER option allows remote attackers to execute commands.
CVE-1999-0156 1 Washington University 1 Wu-ftpd 2025-04-03 N/A
wu-ftpd FTP daemon allows any user and password combination.
CVE-1999-0157 1 Cisco 2 Ios, Pix Firewall Software 2025-04-03 N/A
Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service.
CVE-1999-0152 1 Data General 1 Dg Ux 2025-04-03 N/A
The DG/UX finger daemon allows remote command execution through shell metacharacters.
CVE-1999-0162 1 Cisco 1 Ios 2025-04-03 N/A
The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering.
CVE-1999-0166 1 Sun 1 Nfs 2025-04-03 N/A
NFS allows users to use a "cd .." command to access other directories besides the exported file system.
CVE-2005-2294 1 Oracle 1 Forms 2025-04-03 N/A
Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers.
CVE-1999-0172 1 Matt Wright 1 Formmail 2025-04-03 N/A
FormMail CGI program allows remote execution of commands.
CVE-1999-0186 1 Sun 1 Solaris 2025-04-03 N/A
In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.
CVE-1999-0188 1 Sun 2 Solaris, Sunos 2025-04-03 N/A
The passwd command in Solaris can be subjected to a denial of service.