Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1220 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL.
CVE-2002-2164 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.
CVE-2002-2178 1 Phpwebsite 1 Phpwebsite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in article.php module for phpWebSite 0.8.3 allows remote attackers to execute arbitrary Javascript script via the sid parameter, as demonstrated using an IMG tag.
CVE-2003-1221 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.
CVE-2002-2186 1 Macromedia 1 Jrun 2026-04-16 N/A
Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL.
CVE-2006-4570 2 Mozilla, Redhat 3 Seamonkey, Thunderbird, Enterprise Linux 2026-04-16 N/A
Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.
CVE-2003-1231 1 Ecw-shop 1 Ecw-shop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2006-4584 1 Tr Forum 1 Tr Forum 2026-04-16 N/A
Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.
CVE-2003-1234 1 Freebsd 1 Freebsd 2026-04-16 N/A
Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.
CVE-2003-1236 1 Tanne 1 Tanne 2026-04-16 N/A
Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog.
CVE-2003-1241 1 Levcgi.com 1 Myguestbook 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters.
CVE-2003-1243 1 Sage 1 Sage 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter.
CVE-2006-4592 1 8pixel.net 1 Simple Blog 2026-04-16 N/A
Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple Blog 2.3 and earlier allows remote attackers to conduct SQL injection attacks via ">" characters in the id parameter, which are not filtered by the protection mechanism.
CVE-2003-1245 1 Mambo 1 Mambo Site Server 2026-04-16 N/A
index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie.
CVE-2006-4596 1 Mybace Light 1 Mybace Light 2026-04-16 N/A
PHP remote file inclusion in MyBace Light Skrip, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) hauptverzeichniss parameter in includes/login_check.php and the (2) template_back parameter in admin/login/content/user_daten.php.
CVE-2006-4599 1 Autentificator 1 Autentificator 2026-04-16 N/A
SQL injection vulnerability in aut_verifica.inc.php in Autentificator 2.01 allows remote attackers to execute arbitrary SQL commands via the user parameter.
CVE-2001-0271 1 Mailnews.cgi 1 Mailnews.cgi 2026-04-16 N/A
mailnews.cgi 1.3 and earlier allows remote attackers to execute arbitrary commands via a user name that contains shell metacharacters.
CVE-2001-0272 1 W3.org 1 Sendtemp.pl 2026-04-16 N/A
Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web development server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the templ parameter.
CVE-2001-0283 1 Sun 1 Sun Ftp 2026-04-16 N/A
Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME, or (5) PUT.
CVE-2001-1240 1 Engardelinux 1 Secure Linux 2026-04-16 N/A
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.