Search Results (364155 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0656 1 Eroaster 1 Eroaster 2026-04-16 N/A
eroaster before 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile.
CVE-2003-0657 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions.
CVE-2006-3616 1 Carbonize 1 Lazarus Guestbook 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in codes-english.php and (2) the img parameter in picture.php, after the name of an existing file.
CVE-2003-0672 1 Leon J Breedt 1 Pam-pgsql 2026-04-16 N/A
Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that isp rovided during authentication, which is not properly handled when recording a log message.
CVE-2003-0683 1 Sgi 1 Irix 2026-04-16 N/A
NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions.
CVE-2006-3618 1 Pixelated By Lev 1 Pixelated By Lev Guestbook 2026-04-16 N/A
SQL injection vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) website, (4) comments, (5) rate, and (6) private parameters.
CVE-2003-0685 1 Netris 1 Netris 2026-04-16 N/A
Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response.
CVE-2006-3621 1 Dream4 1 Koobi Pro 2026-04-16 N/A
SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to execute arbitrary SQL commands via the toid parameter.
CVE-2003-0702 1 Iss 1 Realsecure Server Sensor 2026-04-16 N/A
Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU 20.16, 20.18, and possibly other versions before 20.19, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code in Internet Information Server (IIS) via a certain URL through SSL.
CVE-2006-3625 1 Flv 1 Flv Player 2026-04-16 N/A
FLV Players 8 allows remote attackers to obtain sensitive information via (1) a direct request to paginate.php or (2) an invalid p parameter to player.php, which reveal the path in an error message.
CVE-2003-0709 1 Whois 1 Whois 2026-04-16 N/A
Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option.
CVE-2003-0781 1 Ecartis 1 Ecartis 2026-04-16 N/A
Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords.
CVE-2003-0749 1 Sap 1 Internet Transaction Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter.
CVE-2003-0751 1 Py-membres 1 Py-membres 2026-04-16 N/A
SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter.
CVE-2003-0758 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument.
CVE-2003-0762 1 Foxweb 1 Foxweb 2026-04-16 N/A
Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 allows remote attackers to execute arbitrary code via a long URL (PATH_INFO value).
CVE-2006-3640 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."
CVE-2003-0768 1 Microsoft 1 Asp.net 2026-04-16 N/A
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
CVE-2003-0782 1 Ecartis 1 Ecartis 2026-04-16 N/A
Multiple buffer overflows in ecartis before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2005-4427 1 Cerberus 1 Cerberus Helpdesk 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php.