Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0504 1 Phpgroupware 1 Phpgroupware 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module.
CVE-2004-1706 1 U.s.robotics 1 Usr808054 2025-04-03 N/A
The U.S. Robotics USR808054 wireless access point allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via an HTTP GET request with a long version string.
CVE-2003-0505 1 Microsoft 1 Netmeeting 2025-04-03 N/A
Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
CVE-2004-1707 1 Oracle 5 Application Server, Application Server Portal, Database Server Lite and 2 more 2025-04-03 N/A
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
CVE-2006-4889 1 Telekorn 1 Signkorn Guestbook 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php; (8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php, and (11) adminhelp3.php in (a) help/en and (b) help/de directories; and the (12) preview.php, (13) log.php, (14) index.php, (15) config.php, and (16) admin.php in the (c) admin directory, a different set of vectors than CVE-2006-4788.
CVE-2003-0506 1 Microsoft 1 Netmeeting 2025-04-03 N/A
Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
CVE-2004-0596 1 Linux 1 Linux Kernel 2025-04-03 N/A
The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference.
CVE-2003-0508 1 Adobe 1 Acrobat Reader 2025-04-03 N/A
Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link.
CVE-2003-0509 1 Cyberstrong 1 Eshop 2025-04-03 N/A
SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.
CVE-2006-4910 1 Cisco 2 Ids Sensor Software, Ips Sensor Software 2025-04-03 N/A
The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet.
CVE-2003-0510 1 Ezbounce 1 Ezbounce 2025-04-03 N/A
Format string vulnerability in ezbounce 1.0 through 1.50 allows remote attackers to execute arbitrary code via the "sessions" command.
CVE-2006-4911 1 Cisco 1 Ips Sensor Software 2025-04-03 N/A
Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets".
CVE-2003-0511 1 Cisco 1 Ios 2025-04-03 N/A
The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL.
CVE-2004-0599 2 Greg Roelofs, Redhat 2 Libpng, Enterprise Linux 2025-04-03 N/A
Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.
CVE-2004-0600 3 Redhat, Samba, Trustix 3 Enterprise Linux, Samba, Secure Linux 2025-04-03 N/A
Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.
CVE-2005-0653 1 Phpmyadmin 1 Phpmyadmin 2025-04-03 N/A
phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.
CVE-2006-4919 1 Siteatschool 1 Siteatschool 2025-04-03 N/A
Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter.
CVE-2004-0601 1 Distcc 1 Distcc 2025-04-03 N/A
distcc before 2.16, when running on 64-bit platforms, does not interpret IP-based access control rules correctly, which could allow remote attackers to bypass intended restrictions.
CVE-2003-0514 1 Apple 1 Safari 2025-04-03 N/A
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
CVE-2004-0602 1 Freebsd 1 Freebsd 2025-04-03 N/A
The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic.