Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1148 1 Les Visiteurs 1 Les Visiteurs 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/.
CVE-2003-1132 1 Cisco 2 Content Services Switch 11000, Content Services Switch 11500 2026-04-16 N/A
The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server.
CVE-2003-1264 2 D-link, Longshine Technologie 2 Di-614\+, Longshine Wireless Ethernet Access Point 2026-04-16 N/A
TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication.
CVE-2003-1233 1 Pedestalsoftware 1 Integrity Protection Driver 2026-04-16 9.8 Critical
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
CVE-2003-1241 1 Levcgi.com 1 Myguestbook 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters.
CVE-2003-1437 6 Bea, Hp, Ibm and 3 more 8 Weblogic Server, Hp-ux, Aix and 5 more 2026-04-16 N/A
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
CVE-2003-1294 2 Redhat, Xscreensaver 2 Enterprise Linux, Xscreensaver 2026-04-16 N/A
Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2003-1340 1 Phpnuke 1 Php-nuke 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
CVE-2006-1592 2 X-doom, Zdaemon 2 X-doom, Zdaemon 2026-04-16 N/A
Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) Zdaemon 1.08.01 and (2) X-Doom allows remote attackers to execute arbitrary code via a long filename argument.
CVE-2006-1447 1 Apple 1 Mac Os X 2026-04-16 N/A
LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file.
CVE-2006-1392 1 University Of Washington 1 Pubcookie 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in the login server in University of Washington Pubcookie 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified inputs.
CVE-2004-0004 1 Openca 1 Openca 2026-04-16 N/A
The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.
CVE-2004-0030 1 Phpgedview 1 Phpgedview 2026-04-16 9.8 Critical
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.
CVE-2004-0162 3 Clearswift, F-secure, Paul L Daniels 3 Mailsweeper, Internet Gatekeeper, Ripmime 2026-04-16 N/A
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients.
CVE-2004-1382 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2026-04-16 N/A
The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.
CVE-2004-0216 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
CVE-2004-0232 5 Gentoo, Midnight Commander, Redhat and 2 more 6 Linux, Midnight Commander, Enterprise Linux and 3 more 2026-04-16 N/A
Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
CVE-2004-0323 1 Xmb Forum 1 Xmb 2026-04-16 N/A
Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta.
CVE-2004-0284 1 Microsoft 3 Ie, Internet Explorer, Outlook 2026-04-16 N/A
Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
CVE-2004-0411 2 Kde, Redhat 2 Konqueror, Enterprise Linux 2026-04-16 N/A
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.