Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0653 1 Netbsd 1 Netbsd 2026-04-16 N/A
The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier does not use a BSD-required "PKTHDR" mbuf when sending certain error responses to the sender of an OSI packet, which allows remote attackers to cause a denial of service (kernel panic or crash) via certain OSI packets.
CVE-2003-0659 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more 2026-04-16 N/A
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
CVE-2002-1438 1 Novell 1 Netware 2026-04-16 N/A
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.
CVE-2005-0558 1 Microsoft 1 Word 2026-04-16 N/A
Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
CVE-2005-0564 1 Microsoft 1 Word 2026-04-16 N/A
Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
CVE-2003-0669 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.
CVE-2003-0671 1 Jeremy Elson 1 Tcpflow 2026-04-16 N/A
Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.
CVE-2002-1458 1 Leszek Krupinski 1 L-forum 2026-04-16 N/A
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body.
CVE-2003-0682 2 Openbsd, Redhat 3 Openssh, Enterprise Linux, Linux 2026-04-16 N/A
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
CVE-2003-0690 2 Kde, Redhat 3 Kde, Enterprise Linux, Linux 2026-04-16 N/A
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.
CVE-2005-0567 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.
CVE-2003-0692 2 Kde, Redhat 3 Kde, Enterprise Linux, Linux 2026-04-16 N/A
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.
CVE-2005-0568 1 Raven Software 1 Soldier Of Fortune 2 2026-04-16 N/A
Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference.
CVE-2003-0693 2 Openbsd, Redhat 3 Openssh, Enterprise Linux, Linux 2026-04-16 N/A
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
CVE-2005-0569 1 Punbb 1 Punbb 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) language parameter to register.php, (2) change email feature in profile.php, (3) posts or (4) topics parameter to moderate.php.
CVE-2003-0747 1 Sap 1 Internet Transaction Server 2026-04-16 N/A
wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message.
CVE-2005-2780 1 Neocrome 1 Land Down Under 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allows remote attackers to inject arbitrary web script or HTML via a signature.
CVE-2003-0748 1 Sap 1 Internet Transaction Server 2026-04-16 N/A
Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename.
CVE-2003-0753 1 Newsphp 1 Newsphp 2026-04-16 N/A
nphpd.php in newsPHP 216 and earlier allows remote attackers to read arbitrary files via a full pathname to the target file in the nphp_config[LangFile] parameter.
CVE-2005-2781 1 Ilia Alshanetsky 1 Fudforum 2026-04-16 N/A
The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.