Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0049 1 Microsoft 2 Sharepoint Portal Server, Sharepoint Team Services 2025-04-03 N/A
Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache.
CVE-2003-0774 2 Redhat, Sane 4 Enterprise Linux, Linux, Sane and 1 more 2025-04-03 N/A
saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.
CVE-2004-0696 1 4d 1 Webstar 2025-04-03 N/A
The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows remote attackers to list arbitrary directories via a URL with the desired path and a "*" (asterisk) character.
CVE-2005-0703 1 Xerox 18 Workcentre 165, Workcentre 175, Workcentre 2128 and 15 more 2025-04-03 N/A
Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179.
CVE-2003-0775 2 Redhat, Sane 4 Enterprise Linux, Linux, Sane and 1 more 2025-04-03 N/A
saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).
CVE-2001-1571 1 Microsoft 1 Windows Xp 2025-04-03 N/A
The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing.
CVE-2001-1568 1 Cmg 1 Wap Gateway 2025-04-03 N/A
CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack.
CVE-2004-0697 1 4d 1 Webstar 2025-04-03 N/A
Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote attackers to read the php.ini configuration file and possibly obtain sensitive information.
CVE-2005-0706 2 Grip, Redhat 2 Grip, Enterprise Linux 2025-04-03 N/A
Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.
CVE-2004-0698 1 4d 1 Webstar 2025-04-03 N/A
4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack.
CVE-2001-1569 1 Cmg 1 Openwave Wap Gateway 2025-04-03 N/A
Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack.
CVE-2003-0784 1 Ibm 1 Aix 2025-04-03 N/A
Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers.
CVE-2001-1578 1 Sco 1 Openserver 2025-04-03 N/A
Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local users to modify critical information such as certain CPU registers and segment descriptors.
CVE-2004-0699 1 Checkpoint 2 Firewall-1, Vpn-1 2025-04-03 N/A
Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data.
CVE-2004-1866 1 Nstx 1 Ip Over Dns Utility 2025-04-03 N/A
nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a denial of service (crash) via a large packet, which triggers a null dereference.
CVE-2005-0056 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 N/A
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
CVE-2003-0785 1 Brian Bassett 1 Ipmasq 2025-04-03 N/A
ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering.
CVE-2001-1580 2 Nombas, Novell 2 Scriptease Webserver, Netware 2025-04-03 N/A
Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string.
CVE-2006-0583 1 Clever Copy 1 Clever Copy 2025-04-03 N/A
SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2002-0007 2 Mozilla, Redhat 2 Bugzilla, Powertools 2025-04-03 N/A
CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.