Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2931 1 Ipswitch 2 Imail Server, Ipswitch Collaboration Suite 2026-04-16 N/A
Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands.
CVE-2003-1063 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy.
CVE-2005-2935 1 Microsoft 1 Antispyware 2026-04-16 N/A
Unquoted Windows search path vulnerability in Microsoft AntiSpyware might allow local users to execute code via a malicious c:\program.exe file, which is run by AntiSpywareMain.exe when it attempts to execute gsasDtServ.exe. NOTE: it is not clear whether this overlaps CVE-2005-2940.
CVE-2005-2940 1 Microsoft 1 Antispyware 2026-04-16 N/A
Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5) GIANTAntiSpywareUpdater.exe. NOTE: it is not clear whether this overlaps CVE-2005-2935.
CVE-2005-2946 2 Canonical, Openssl 2 Ubuntu Linux, Openssl 2026-04-16 7.5 High
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
CVE-2005-2950 1 Sawmill 1 Sawmill 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP GET request.
CVE-2005-2961 1 Prozilla 1 Prozilla Download Accelerator 2026-04-16 N/A
Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag.
CVE-2001-1318 1 Qualcomm 1 Eudora Worldmail Server 2026-04-16 N/A
Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
CVE-2005-2971 1 Kde 1 Koffice 2026-04-16 N/A
Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file.
CVE-2003-1065 1 Sun 1 Sunos 2026-04-16 N/A
Unknown vulnerability in patches 108993-14 through 108993-19 and 108994-14 through 108994-19 for Solaris 8 may allow local users to cause a denial of service (automountd crash).
CVE-2005-2977 2 Pam, Redhat 2 Pam, Enterprise Linux 2026-04-16 N/A
The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.
CVE-2001-1337 1 Beck Ipc Gmbh 1 Ipc At Chip Embedded-webserver 2026-04-16 N/A
Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to cause a denial of service via a long HTTP request.
CVE-2005-2987 1 Digital Scribe 1 Digital Scribe 2026-04-16 N/A
SQL injection vulnerability in login.php in Digital Scribe 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2005-2996 1 Symantec Veritas 2 Storage Exec, Storagecentral 2026-04-16 N/A
Multiple heap-based and stack-based buffer overflows in certain DCOM server components in VERITAS Storage Exec Storage Exec 5.3 before Hotfix 9 and StorageCentral 5.2 before Hot Fix 2 allow remote attackers to execute arbitrary code via certain ActiveX controls.
CVE-2006-3270 1 Thorcms 1 Thorcms 2026-04-16 N/A
SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via multiple unspecified parameters, such as the add_link_mid parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
CVE-2000-0630 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability.
CVE-2005-3020 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php.
CVE-2005-3024 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.
CVE-2005-3025 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php.
CVE-2000-0800 1 Suse 1 Suse Linux 2026-04-16 N/A
String parsing error in rpc.kstatd in the linuxnfs or knfsd packages in SuSE and possibly other Linux systems allows remote attackers to gain root privileges.