Export limit exceeded: 360100 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360100 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1094 | 1 Network-client.com | 1 Ftp Now | 2026-04-16 | N/A |
| FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. | ||||
| CVE-2006-1321 | 1 Webcheck | 1 Webcheck | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report. | ||||
| CVE-2003-0604 | 1 Microsoft | 1 Windows Media Player | 2026-04-16 | N/A |
| Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL. | ||||
| CVE-2003-0606 | 2 Cvsup, Sup | 2 Cvsup-mirror, Sup | 2026-04-16 | N/A |
| sup 1.8 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | ||||
| CVE-2005-1151 | 1 Debian | 1 Qpopper | 2026-04-16 | N/A |
| qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root. | ||||
| CVE-2006-1329 | 2 Jabberstudio, Redhat | 3 Jabberd, Network Proxy, Network Satellite | 2026-04-16 | N/A |
| The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza". | ||||
| CVE-2003-0613 | 1 Zblast | 1 Zblast | 2026-04-16 | N/A |
| Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows local users to execute arbitrary code via the high score file. | ||||
| CVE-2003-0612 | 1 Robert Hyatt | 1 Crafty | 2026-04-16 | N/A |
| Multiple buffer overflows in main.c for Crafty 19.3 allow local users to gain group "games" privileges via long command line arguments to crafty.bin. | ||||
| CVE-2003-0614 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter. | ||||
| CVE-2003-0616 | 1 Mcafee | 1 Epolicy Orchestrator | 2026-04-16 | N/A |
| Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution. | ||||
| CVE-2005-1174 | 2 Mit, Redhat | 2 Kerberos 5, Enterprise Linux | 2026-04-16 | N/A |
| MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory. | ||||
| CVE-2003-0621 | 1 Bea | 2 Tuxedo, Weblogic Server | 2026-04-16 | N/A |
| The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument. | ||||
| CVE-2003-0622 | 1 Bea | 2 Tuxedo, Weblogic Server | 2026-04-16 | N/A |
| The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX. | ||||
| CVE-2003-0623 | 1 Bea | 2 Tuxedo, Weblogic Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument. | ||||
| CVE-2003-0624 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. | ||||
| CVE-2003-0642 | 1 Watchguard | 1 Serverlock | 2026-04-16 | N/A |
| WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local users to access kernel memory via a symlink attack on \Device\PhysicalMemory. | ||||
| CVE-2003-0627 | 1 Peoplesoft | 1 Peopletools | 2026-04-16 | N/A |
| psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments. | ||||
| CVE-2003-0629 | 1 Peoplesoft | 1 Peopletools | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript. | ||||
| CVE-2003-0630 | 1 Atari800 | 1 Atari800 | 2026-04-16 | N/A |
| Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrated with the -osa_rom argument. | ||||
| CVE-2003-0632 | 1 Oracle | 2 Applications, E-business Suite | 2026-04-16 | N/A |
| Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL. | ||||