Search Results (364328 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0324 1 Epic 1 Epic4 2026-04-16 N/A
Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long replies that are not properly handled by the (1) userhost_cmd_returned function, or (2) Statusbar capability.
CVE-1999-1391 1 Next 1 Next 2026-04-16 N/A
Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions.
CVE-2003-0325 1 Ambrosia Software 1 Maelstrom 2026-04-16 N/A
Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local users to execute arbitrary code via a long -server command line argument.
CVE-1999-1393 1 Apple 1 Macos 2026-04-16 N/A
Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible.
CVE-2005-1477 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-16 N/A
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
CVE-2003-0331 1 Ttcms 1 Ttforum 2026-04-16 N/A
SQL injection vulnerability in ttForum allows remote attackers to execute arbitrary SQL and gain ttForum Administrator privileges via the Ignorelist-Textfield argument in the Preferences page.
CVE-2003-0332 1 Working Resources Inc. 1 Badblue 2026-04-16 N/A
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.
CVE-2003-0334 1 Colten Edwards 1 Bitchx 2026-04-16 N/A
BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c.
CVE-2002-0770 1 Id Software 1 Quake 2i Server 2026-04-16 N/A
Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password."
CVE-2005-1504 1 Gamespy 1 Cd-key Validation System 2026-04-16 N/A
GameSpy SDK CD-Key Validation Toolkit, as used by many online games, allows remote attackers to bypass the CD key validation by sending a spoofed \disc\ command, which tells the server the CD key is no longer in use.
CVE-2005-1506 1 Cj 1 Ultra Plus 2026-04-16 N/A
SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via the perm parameter.
CVE-2003-0335 1 Slackware 1 Slackware Linux 2026-04-16 N/A
rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remounted and possibly reset security-relevant mount flags such as nosuid, nodev, and noexec.
CVE-2003-0336 1 Qualcomm 1 Eudora 2026-04-16 N/A
Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files via an email message with a carriage return (CR) character in a spoofed "Attachment Converted:" string, which is not properly handled by Eudora.
CVE-1999-1400 1 The Economist 1 The Economist 1999 Screen Saver 2026-04-16 N/A
The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked.
CVE-1999-1405 1 Ibm 1 Aix 2026-04-16 N/A
snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a.
CVE-2002-0772 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. (dot dot) in the RootName parameter.
CVE-2003-0337 1 Platform 1 Lsadmin 2026-04-16 N/A
The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSF_SERVERDIR to point to a malicious lim program, which lsadmin then executes.
CVE-2005-1593 1 Codethat 1 Shoppingcart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-1999-1408 2 Hp, Ibm 2 Hp-ux, Aix 2026-04-16 N/A
Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.
CVE-2002-0777 1 Ipswitch 1 Imail 2026-04-16 N/A
Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter.