Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0006 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2025-04-03 N/A
The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (infinite loop).
CVE-2005-0685 1 Outstart 1 Participate Enterprise 2025-04-03 N/A
Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands.
CVE-2004-0676 1 Fastream 1 Netfile Ftp Web Server 2025-04-03 N/A
Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter.
CVE-2004-0677 1 Fastream 1 Netfile Ftp Web Server 2025-04-03 N/A
Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote attackers to cause a denial of service (temporary hang) via the cd command with an unusual argument, possibly due to multiple leading slashes and/or an access to the floppy drive ("A").
CVE-2003-0730 3 Netbsd, Redhat, Xfree86 Project 4 Netbsd, Enterprise Linux, Linux and 1 more 2025-04-03 N/A
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.
CVE-2003-0731 1 Cisco 4 Ciscoworks Cd1, Ciscoworks Common Management Foundation, Resource Manager and 1 more 2025-04-03 N/A
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.
CVE-2004-1828 1 Belchior Foundry 1 Vcard 2025-04-03 N/A
Vcard 2.9 and possibly other versions does not require authorization to run uninstall.php, which could allow remote attackers to uninstall Vcard and delete database tables via a direct request to uninstall.php.
CVE-2003-0733 1 Bea 3 Liquid Data, Weblogic Integration, Weblogic Server 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
CVE-2004-0681 1 Comersus Open Technologies 1 Comersus Cart 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm.asp, (2) comersus_backoffice_message.asp, (3) comersus_supportError.asp, or (4) comersus_message.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter.
CVE-2004-1833 1 Borland Software 1 Interbase 2025-04-03 N/A
The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges.
CVE-2004-0682 1 Comersus Open Technologies 1 Comersus Cart 2025-04-03 N/A
comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL.
CVE-2005-0008 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2025-04-03 N/A
Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through 0.10.8 allows remote attackers to cause "memory corruption."
CVE-2005-0686 1 Mlterm 1 Mlterm 2025-04-03 N/A
Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf support enabled, allows remote attackers to execute arbitrary code via a large image file that is used as a background.
CVE-2004-0683 1 Symantec 1 Norton Antivirus 2025-04-03 N/A
Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to cause a denial of service (CPU consumption) via a compressed archive that contains a large number of directories.
CVE-2005-0015 1 Crosswire Bible Society 1 Sword 2025-04-03 N/A
diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
CVE-2004-1843 1 Expinion.net 1 Member Management System 2025-04-03 N/A
SQL injection vulnerability in Member Management System 2.1 allows remote attackers to execute arbitrary SQL via the ID parameter to (1) resend.asp or (2) news_view.asp.
CVE-2003-0740 2 Redhat, Stunnel 3 Enterprise Linux, Linux, Stunnel 2025-04-03 N/A
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.
CVE-2003-0743 1 University Of Cambridge 1 Exim 2025-04-03 N/A
Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
CVE-2004-1844 1 Expinion.net 1 Member Management System 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp.
CVE-2004-1846 1 Expinion.net 1 News Manager Lite 2025-04-03 N/A
Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.