Export limit exceeded: 362703 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0150 2 Oracle, Redhat 3 Mysql, Enterprise Linux, Linux 2026-04-16 N/A
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.
CVE-2005-4301 1 Phpxplorer 1 Phpxplorer 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the address bar field.
CVE-2005-4304 1 Indexcor 1 Ezdatabase 2026-04-16 N/A
index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack of relevant details. The description is based partially on feedback comments.
CVE-2003-0151 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.
CVE-2005-4306 1 Focalmedia.net 1 Sitenet Bbs 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pg, (2) tid, (3) cid, and (4) fid parameters to netboardr.cgi, or (5) cid parameter to search.cgi.
CVE-1999-0146 1 Ncsa 2 Campas, Servers 2026-04-16 N/A
The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.
CVE-1999-0152 1 Data General 1 Dg Ux 2026-04-16 N/A
The DG/UX finger daemon allows remote command execution through shell metacharacters.
CVE-2003-0153 1 Mozilla 1 Bonsai 2026-04-16 N/A
bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.
CVE-1999-0157 1 Cisco 2 Ios, Pix Firewall Software 2026-04-16 N/A
Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service.
CVE-2005-4309 1 Scriptscenter 1 Ezupload Pro 2026-04-16 N/A
SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters.
CVE-1999-0159 1 Cisco 1 Ios 2026-04-16 3.5 Low
Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.
CVE-2005-4311 1 Dcscripts 2 Dcforum, Dcforum\+ 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, and possibly DCForum+ 1.x, allows remote attackers to inject arbitrary web script or HTML via (1) the page parameter in dcboard.php and (2) unspecified search parameters.
CVE-1999-0160 1 Cisco 1 Ios 2026-04-16 N/A
Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections.
CVE-2005-4313 1 Almondsoft 1 Almond Personals 2026-04-16 N/A
SQL injection vulnerability in index.php in AlmondSoft Almond Personals 4.05 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2003-0155 1 Mozilla 1 Bonsai 2026-04-16 N/A
bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication.
CVE-1999-0166 1 Sun 1 Nfs 2026-04-16 N/A
NFS allows users to use a "cd .." command to access other directories besides the exported file system.
CVE-1999-0169 1 Sun 1 Nfs 2026-04-16 N/A
NFS allows attackers to read and write any file on the system by specifying a false UID.
CVE-2005-4318 1 Limbo Cms 1 Limbo Cms 2026-04-16 N/A
SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable.
CVE-1999-0291 1 Qbik 1 Wingate 2026-04-16 N/A
The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication.
CVE-2005-4365 1 Flip 1 Flip 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php.