Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0437 1 Stefan Frings 1 Sms Server Tools 2025-04-03 N/A
Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term "string format vulnerability" by some sources.
CVE-2002-1835 1 Xerox 2 Docutech 6110, Docutech 6115 2025-04-03 N/A
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 running Solaris 8.0 has a large number of unnecessary services enabled such as RPC and sprayd, which could allow remote attackers to obtain access to the device.
CVE-1999-0607 1 I-soft 1 Quikstore 2025-04-03 N/A
quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges.
CVE-1999-0608 1 Pdgsoft 1 Pdg Shopping Cart 2025-04-03 N/A
An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information.
CVE-2005-1567 1 Directtopics 1 Directtopics 2025-04-03 N/A
SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter.
CVE-2005-4581 1 Scott Draves 1 Electric Sheep 2025-04-03 N/A
Buffer overflow in Electric Sheep 2.6.3 client allows local users to execute arbitrary code via a long window-id parameter. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.
CVE-1999-0625 2025-04-03 N/A
The rpc.rquotad service is running.
CVE-2005-3967 1 Atlassian 1 Confluence 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.
CVE-2005-1575 1 Mozilla 1 Firefox 2025-04-03 N/A
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160.
CVE-1999-0629 2025-04-03 N/A
The ident/identd service is running.
CVE-2005-1576 1 Mozilla 1 Firefox 2025-04-03 N/A
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files.
CVE-1999-0635 2025-04-03 N/A
The echo service is running.
CVE-2003-0208 1 Macromedia 1 Flash 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field.
CVE-2005-1577 1 Apg Technology 1 Classmaster 2025-04-03 N/A
APG Technology ClassMaster does not properly restrict access to sensitive folders, which allows remote attackers to access folders via a network share.
CVE-2000-1061 1 Microsoft 1 Ie 2025-04-03 N/A
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.
CVE-2005-3974 1 Drupal 1 Drupal 2025-04-03 N/A
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
CVE-2003-1563 1 Sun 3 Cluster, Solaris, Sunos 2025-04-03 N/A
Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration.
CVE-2005-1584 1 Open Solution 1 Quick.forum 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action.
CVE-2005-4167 1 Efiction Project 1 Efiction 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter in a viewlist action to titles.php.
CVE-2005-1823 1 Qualiteam 1 X-cart 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.