Export limit exceeded: 362703 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-0150 | 2 Oracle, Redhat | 3 Mysql, Enterprise Linux, Linux | 2026-04-16 | N/A |
| MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. | ||||
| CVE-2005-4301 | 1 Phpxplorer | 1 Phpxplorer | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the address bar field. | ||||
| CVE-2005-4304 | 1 Indexcor | 1 Ezdatabase | 2026-04-16 | N/A |
| index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack of relevant details. The description is based partially on feedback comments. | ||||
| CVE-2003-0151 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code. | ||||
| CVE-2005-4306 | 1 Focalmedia.net | 1 Sitenet Bbs | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pg, (2) tid, (3) cid, and (4) fid parameters to netboardr.cgi, or (5) cid parameter to search.cgi. | ||||
| CVE-1999-0146 | 1 Ncsa | 2 Campas, Servers | 2026-04-16 | N/A |
| The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file. | ||||
| CVE-1999-0152 | 1 Data General | 1 Dg Ux | 2026-04-16 | N/A |
| The DG/UX finger daemon allows remote command execution through shell metacharacters. | ||||
| CVE-2003-0153 | 1 Mozilla | 1 Bonsai | 2026-04-16 | N/A |
| bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi. | ||||
| CVE-1999-0157 | 1 Cisco | 2 Ios, Pix Firewall Software | 2026-04-16 | N/A |
| Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service. | ||||
| CVE-2005-4309 | 1 Scriptscenter | 1 Ezupload Pro | 2026-04-16 | N/A |
| SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters. | ||||
| CVE-1999-0159 | 1 Cisco | 1 Ios | 2026-04-16 | 3.5 Low |
| Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. | ||||
| CVE-2005-4311 | 1 Dcscripts | 2 Dcforum, Dcforum\+ | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, and possibly DCForum+ 1.x, allows remote attackers to inject arbitrary web script or HTML via (1) the page parameter in dcboard.php and (2) unspecified search parameters. | ||||
| CVE-1999-0160 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections. | ||||
| CVE-2005-4313 | 1 Almondsoft | 1 Almond Personals | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in AlmondSoft Almond Personals 4.05 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2003-0155 | 1 Mozilla | 1 Bonsai | 2026-04-16 | N/A |
| bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication. | ||||
| CVE-1999-0166 | 1 Sun | 1 Nfs | 2026-04-16 | N/A |
| NFS allows users to use a "cd .." command to access other directories besides the exported file system. | ||||
| CVE-1999-0169 | 1 Sun | 1 Nfs | 2026-04-16 | N/A |
| NFS allows attackers to read and write any file on the system by specifying a false UID. | ||||
| CVE-2005-4318 | 1 Limbo Cms | 1 Limbo Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable. | ||||
| CVE-1999-0291 | 1 Qbik | 1 Wingate | 2026-04-16 | N/A |
| The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication. | ||||
| CVE-2005-4365 | 1 Flip | 1 Flip | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php. | ||||