Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0262 1 Ibm 1 Aix 2025-04-03 N/A
Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument.
CVE-2005-0263 1 Ibm 1 Aix 2025-04-03 N/A
Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument.
CVE-2005-0273 1 Photopost 1 Photopost Php Pro 2025-04-03 N/A
Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter.
CVE-2005-0283 1 David Barrett 1 Qwikiwiki 2025-04-03 N/A
Directory traversal vulnerability in index.php in QwikiWiki allows remote attackers to read arbitrary files via a .. (dot dot) and a %00 at the end of the filename in the page parameter.
CVE-2005-0284 1 Woltlab 1 Burning Book 2025-04-03 N/A
SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter.
CVE-2005-0285 1 Bottomline 1 Webseries Payment Application 2025-04-03 N/A
Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs.
CVE-2002-0095 1 Fraunhofer Fit 1 Bscw 2025-04-03 N/A
The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed.
CVE-2005-0403 1 Redhat 2 Enterprise Linux, Enterprise Linux Desktop 2025-04-03 N/A
init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure.
CVE-2002-0096 1 Geeklog 1 Geeklog 2025-04-03 N/A
The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended.
CVE-2002-1087 1 Visualshapers 1 Ezcontents 2025-04-03 N/A
The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.php for ezContents 1.41 and earlier do not check credentials, which allows remote attackers to create or delete directories and upload files via a direct HTTP POST request.
CVE-2005-0407 1 Zakon Group 1 Openconf 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Openconf 1.04, and possibly other versions before 1.10, allows remote attackers to inject arbitrary HTML and web script via the paper title.
CVE-2006-1047 1 Joomla 1 Joomla 2025-04-03 N/A
Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors.
CVE-2002-0098 1 Boozt 1 Boozt Standard 2025-04-03 N/A
Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner.
CVE-2002-1089 1 Oracle 2 Application Server, Reports 2025-04-03 N/A
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.
CVE-2002-0101 1 Microsoft 1 Internet Explorer 2025-04-03 N/A
Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released.
CVE-2002-1090 2 Libesmtp, Redhat 3 Libesmtp, Enterprise Linux, Linux 2025-04-03 N/A
Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses.
CVE-2005-0410 1 Citrusdb 1 Citrusdb 2025-04-03 N/A
SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file.
CVE-2006-1048 1 Joomla 1 Joomla 2025-04-03 N/A
Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search.
CVE-2005-4570 1 Fortinet 3 Forticlient, Fortimanager, Fortios 2025-04-03 N/A
The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
CVE-2006-1055 1 Linux 1 Linux Kernel 2025-04-03 N/A
The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read.