Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0455 2 Imagemagick, Redhat 2 Libmagick Library, Enterprise Linux 2026-04-16 N/A
The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files.
CVE-2000-0969 1 Valve Software 1 Half-life Dedicated Server 2026-04-16 N/A
Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon.
CVE-2006-3636 2 Gnu, Redhat 2 Mailman, Enterprise Linux 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-3739 3 Redhat, X.org, Xfree86 Project 3 Enterprise Linux, X.org, Xfree86 X 2026-04-16 N/A
Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.
CVE-2002-0420 1 Claymore Systems Inc 1 Puretls 2026-04-16 N/A
Vulnerability in PureTLS before 0.9b2 related to injection attacks, which could possibly allow remote attackers to corrupt or hijack user sessions.
CVE-2006-3817 1 Novell 1 Groupwise Webaccess 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence.
CVE-2002-0434 1 Marcus S. Xenakis 1 Directory.php 2026-04-16 N/A
Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter.
CVE-2006-3818 1 Novell 1 Groupwise Webaccess 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter.
CVE-2002-0437 1 Stefan Frings 1 Sms Server Tools 2026-04-16 N/A
Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term "string format vulnerability" by some sources.
CVE-2002-0439 1 Caupo.net 1 Cauposhop 2026-04-16 N/A
Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information fields such as the message field.
CVE-2002-0443 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
CVE-2006-3853 1 Ibm 1 Informix Dynamic Server 2026-04-16 N/A
Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username.
CVE-2002-0450 1 Talentsoft 1 Web\+ Server 2026-04-16 N/A
Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe.
CVE-2006-3861 1 Ibm 1 Informix Dynamic Server 2026-04-16 N/A
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases.
CVE-2006-3862 1 Ibm 1 Informix Dynamic Server 2026-04-16 N/A
Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable).
CVE-2002-0464 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp.
CVE-2003-0846 1 Suse 1 Suse Linux 2026-04-16 N/A
SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .java_wrapper temporary file.
CVE-2002-0468 2 Ecartis, Listar 2 Ecartis, Listar 2026-04-16 N/A
Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files.
CVE-2006-3932 1 Gonafish 1 Linkscaffe 2026-04-16 N/A
SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2002-0475 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.