Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4500 1 Ztml 1 Ezportal Ztml Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) about, (2) again, (3) lastname, (4) email, (5) password, (6) album, (7) id, (8) table, (9) desc, (10) doc, (11) mname, (12) max, (13) htpl, (14) pheader, and possibly other parameters.
CVE-2003-0051 1 Apple 2 Darwin Streaming Server, Quicktime Streaming Server 2026-04-16 N/A
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.
CVE-2006-4505 1 Nx5 1 Nx5linx 2026-04-16 N/A
CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a CRLF sequence in the url parameter.
CVE-2003-0180 1 Ibm 1 Lotus Domino Web Server 2026-04-16 N/A
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form.
CVE-2006-4507 1 Sony 1 Playstation Portable 2026-04-16 N/A
Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465.
CVE-2003-0079 2 Hanterm, Redhat 3 Hanterm-xf, Enterprise Linux, Linux 2026-04-16 N/A
The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
CVE-2003-0076 2 Dcgui, Qt-dcgui 2 Dcgui, Qt-dcgui 2026-04-16 N/A
Unknown vulnerability in the directory parser for Direct Connect 4 Linux (dcgui) before 0.2.2 allows remote attackers to read files outside the sharelist.
CVE-2003-0087 1 National Language Support 1 Libim 2026-04-16 N/A
Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm.
CVE-2003-0084 2 Mod Auth Any, Redhat 3 Mod Auth Any, Enterprise Linux, Linux 2026-04-16 N/A
mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.
CVE-2003-0086 2 Redhat, Samba 3 Enterprise Linux, Linux, Samba 2026-04-16 N/A
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
CVE-2003-0088 1 Apple 1 Mac Os X 2026-04-16 N/A
TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information.
CVE-2003-0085 3 Hp, Redhat, Samba 4 Cifs-9000 Server, Enterprise Linux, Linux and 1 more 2026-04-16 N/A
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
CVE-2003-0096 1 Oracle 3 Database Server, Oracle8i, Oracle9i 2026-04-16 N/A
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.
CVE-2003-0104 1 Peoplesoft 1 Peopletools 2026-04-16 N/A
Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet.
CVE-2003-0106 1 Symantec 1 Enterprise Firewall 2026-04-16 N/A
The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.
CVE-2003-0120 1 Mhc-utils 1 Mhc-utils 2026-04-16 N/A
adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.
CVE-2006-4525 1 Devellion 1 Cubecart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.
CVE-2006-4532 1 Bernard Pacques 1 Yet Another Community System Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System (YACS) CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter.
CVE-2003-0138 2 Mit, Redhat 3 Kerberos, Enterprise Linux, Linux 2026-04-16 N/A
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
CVE-2006-4534 1 Microsoft 1 Office 2026-04-16 N/A
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.