Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1226 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords. | ||||
| CVE-2002-2201 | 1 Webmin | 1 Webmin | 2026-04-16 | N/A |
| The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name. | ||||
| CVE-2002-2203 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information. | ||||
| CVE-2006-4562 | 1 Symantec | 1 Gateway Security | 2026-04-16 | N/A |
| The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface | ||||
| CVE-2006-4584 | 1 Tr Forum | 1 Tr Forum | 2026-04-16 | N/A |
| Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php. | ||||
| CVE-2003-1234 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop. | ||||
| CVE-2003-1236 | 1 Tanne | 1 Tanne | 2026-04-16 | N/A |
| Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog. | ||||
| CVE-2003-1241 | 1 Levcgi.com | 1 Myguestbook | 2026-04-16 | N/A |
| Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters. | ||||
| CVE-2003-1243 | 1 Sage | 1 Sage | 2026-04-16 | N/A |
| Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter. | ||||
| CVE-2006-4592 | 1 8pixel.net | 1 Simple Blog | 2026-04-16 | N/A |
| Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple Blog 2.3 and earlier allows remote attackers to conduct SQL injection attacks via ">" characters in the id parameter, which are not filtered by the protection mechanism. | ||||
| CVE-2003-1245 | 1 Mambo | 1 Mambo Site Server | 2026-04-16 | N/A |
| index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie. | ||||
| CVE-2006-4596 | 1 Mybace Light | 1 Mybace Light | 2026-04-16 | N/A |
| PHP remote file inclusion in MyBace Light Skrip, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) hauptverzeichniss parameter in includes/login_check.php and the (2) template_back parameter in admin/login/content/user_daten.php. | ||||
| CVE-2006-4599 | 1 Autentificator | 1 Autentificator | 2026-04-16 | N/A |
| SQL injection vulnerability in aut_verifica.inc.php in Autentificator 2.01 allows remote attackers to execute arbitrary SQL commands via the user parameter. | ||||
| CVE-2006-4601 | 1 Annuaire | 1 1two | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2003-1247 | 1 Positive Software | 1 H-sphere | 2026-04-16 | N/A |
| Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist. | ||||
| CVE-2006-4602 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | N/A |
| Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory. | ||||
| CVE-2003-1249 | 1 Businessobjects | 1 Webintelligence | 2026-04-16 | N/A |
| WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions. | ||||
| CVE-2006-4605 | 1 Longino | 1 Jacome Php-revista | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter. | ||||
| CVE-2003-0013 | 1 Mozilla | 1 Bugzilla | 2026-04-16 | N/A |
| The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file. | ||||
| CVE-2003-0028 | 11 Cray, Freebsd, Gnu and 8 more | 15 Unicos, Freebsd, Glibc and 12 more | 2026-04-16 | N/A |
| Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. | ||||