Search Results (364491 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0584 1 Tolis Group 1 Bru 2026-04-16 N/A
Format string vulnerability in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via format string specifiers in a command line argument.
CVE-2005-2392 1 Cmsmadesimple 1 Cms Made Simple 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function.
CVE-2000-0216 1 Microsoft 3 Exchange Server, Outlook, Windows Messaging 2026-04-16 N/A
Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list.
CVE-2003-0585 1 Brooky 1 Estore 2026-04-16 N/A
SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters.
CVE-2005-2398 1 Php Surveyor 1 Php Surveyor 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php.
CVE-2003-0590 1 Splatt 1 Splatt Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field.
CVE-2005-2401 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag.
CVE-2005-2420 1 Ftplocate 1 Ftplocate 2026-04-16 N/A
flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP GET request.
CVE-2005-2421 1 Beehive Forum 1 Beehive Forum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php and other pages in Beehive Forum allow remote attackers to execute arbitrary SQL commands via the webtag parameter.
CVE-2003-0592 2 Kde, Redhat 4 Konqueror, Konqueror Embedded, Enterprise Linux and 1 more 2026-04-16 N/A
Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
CVE-2005-2424 1 Siemens 1 Santis 50 2026-04-16 N/A
The management interface for Siemens SANTIS 50 running firmware 4.2.8.0, and possibly other products including Ericsson HN294dp and Dynalink RTA300W, allows remote attackers to access the Telnet port without authentication via certain packets to the web interface that cause the interface to freeze.
CVE-2000-0246 1 Microsoft 6 Commercial Internet System, Internet Information Server, Internet Information Services and 3 more 2026-04-16 N/A
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
CVE-2003-0593 1 Opera 1 Opera Browser 2026-04-16 N/A
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
CVE-2003-0594 2 Mozilla, Redhat 3 Mozilla, Enterprise Linux, Linux 2026-04-16 N/A
Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
CVE-2005-2431 1 Gforge 1 Gforge 2026-04-16 N/A
The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb).
CVE-2000-0253 1 Craig Dansie 1 Dansie Shopping Cart 2026-04-16 N/A
The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields.
CVE-2003-0595 1 Terascript 1 Wintango Application Server 2026-04-16 N/A
Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference.
CVE-2003-0602 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.
CVE-2003-0603 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.
CVE-2003-0604 1 Microsoft 1 Windows Media Player 2026-04-16 N/A
Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.