Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1245 1 Opera Software 1 Opera Web Browser 2025-04-03 N/A
Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.
CVE-2006-4717 1 Drupal 1 Drupal Pubcookie Module 2025-04-03 N/A
The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors.
CVE-2004-1806 1 Dogpatch Software 1 Cfwebstore 2025-04-03 N/A
SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to execute SQL commands via the (1) category_id, (2) product_id, or (3) feature_id parameters.
CVE-2004-1808 1 Metamail Corporation 1 Metamail 2025-04-03 N/A
Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2003-0320 1 Andy Prevost 1 Ttcms 2025-04-03 N/A
header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcms_user_admin parameter to "1" and modifying the admin_root parameter to point to a URL that contains a Trojan horse header.inc.php script.
CVE-2003-0321 1 Colten Edwards 1 Bitchx 2025-04-03 N/A
Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long hostnames, nicknames, or channel names, which are not properly handled by the functions (1) send_ctcp, (2) cannot_join_channel, (3) cluster, (4) BX_compress_modes, (5) handle_oper_vision, and (6) ban_it.
CVE-2003-0323 1 Michael Sandrof 1 Ircii 2025-04-03 N/A
Multiple buffer overflows in ircII 20020912 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the my_strcat function by (1) ctcp_buffer, (2) cannot_join_channel, (3) status_make_printable for Statusbar drawing, (4) create_server_list, and possibly other functions.
CVE-2004-1814 1 Vocaltec 1 Vgw4 8 Telephony Gateway 2025-04-03 N/A
Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 allows remote attackers to read protected files via .. (dot dot) sequences in an HTTP request, as demonstrated using home.asp.
CVE-2002-0970 2 Kde, Redhat 4 Kde, Konqueror, Enterprise Linux and 1 more 2025-04-03 N/A
The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
CVE-2003-0324 1 Epic 1 Epic4 2025-04-03 N/A
Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long replies that are not properly handled by the (1) userhost_cmd_returned function, or (2) Statusbar capability.
CVE-2003-0325 1 Ambrosia Software 1 Maelstrom 2025-04-03 N/A
Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local users to execute arbitrary code via a long -server command line argument.
CVE-2003-0328 2 Epic, Redhat 2 Epic4, Linux 2025-04-03 N/A
EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation.
CVE-2006-4745 1 Scarybear 1 Pocketexpense Pro 2025-04-03 N/A
ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header.
CVE-2004-1816 2 Macromedia, Sun 3 Coldfusion, Jrun, One Application Server 2025-04-03 N/A
Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
CVE-2004-1817 1 Francisco Burzi 1 Php-nuke 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field.
CVE-2005-2695 1 Cisco 2 Ciscoworks Management Center For Ids Sensors, Ciscoworks Monitoring Center For Security 2025-04-03 N/A
Unspecified vulnerability in the SSL certificate checking functionality in Cisco CiscoWorks Management Center for IDS Sensors (IDSMC) 2.0 and 2.1, and Monitoring Center for Security (Security Monitor or Secmon) 1.1 through 2.0 and 2.1, allows remote attackers to spoof a Cisco Intrusion Detection Sensor (IDS) or Intrusion Prevention System (IPS).
CVE-2006-4761 1 Luke Hutteman 1 Sharpreader 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.
CVE-2001-1250 1 Vwebserver 1 Vwebserver 2025-04-03 N/A
vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow.
CVE-2004-1827 2 Simple Machines, Yabb 2 Simple Machines Smf, Yabb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags.
CVE-2003-0334 1 Colten Edwards 1 Bitchx 2025-04-03 N/A
BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c.