Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-1028 1 Hp 1 Hp-ux 2025-04-03 N/A
Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument.
CVE-2002-0377 1 Rob Flynn 1 Gaim 2025-04-03 N/A
Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files.
CVE-2002-0379 2 Redhat, University Of Washington 2 Linux, Uw-imap 2025-04-03 N/A
Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
CVE-2002-0381 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2025-04-03 N/A
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.
CVE-2005-3194 1 Estsoft 1 Alzip 2025-04-03 N/A
Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive.
CVE-2002-1421 1 Ilia Alshanetsky 1 Fudforum 2025-04-03 N/A
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.
CVE-2006-3821 1 Adaptive Technology Resource Centre 1 Atutor 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php.
CVE-2004-2502 1 Im-switch 1 Im-switch 2025-04-03 N/A
im-switch before 11.4-46.1 in Fedora Core 2 allows local users to overwrite arbitrary files via a symlink attack on the imswitcher[PID] temporary file.
CVE-2001-0456 1 Debian 1 Debian Linux 2025-04-03 N/A
postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
CVE-2003-0083 2 Apache, Redhat 4 Http Server, Linux, Rhel Stronghold and 1 more 2025-04-03 N/A
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
CVE-2001-0457 1 Debian 1 Debian Linux 2025-04-03 N/A
man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).
CVE-2006-3141 1 Dpivision 1 Tradingeye Shop 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye Shop R4 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter.
CVE-2005-2685 1 Savewebportal 1 Savewebportal 2025-04-03 N/A
SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMyExplorer/editerfichier.php, then editing the desired file to contain the PHP code, as demonstrated using header.php in the fichier parameter. NOTE: it is possible that this vulnerability stems from PhpMyExplorer, which is a separate package.
CVE-2004-0491 1 Redhat 1 Enterprise Linux 2025-04-03 N/A
The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.
CVE-2002-0405 1 Transsoft 1 Broker Ftp Server 2025-04-03 N/A
Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large number of . (dot) characters.
CVE-2006-3831 1 Kailash Nadh 1 Boastmachine 2025-04-03 N/A
The Backup selection in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier uses predicable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file.
CVE-2004-1391 1 Qnx 2 Rtos, Rtp 2025-04-03 N/A
Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program.
CVE-2001-0458 4 Debian, Mandrakesoft, Ralf S. Engelschall and 1 more 4 Debian Linux, Mandrake Linux, Eperl and 1 more 2025-04-03 N/A
Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.
CVE-2002-1336 2 Redhat, Tightvnc 3 Enterprise Linux, Linux, Tightvnc 2025-04-03 N/A
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
CVE-2002-0409 1 Microsoft 1 .net Framework 2025-04-03 N/A
orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter.