Export limit exceeded: 349371 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349371 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29914 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29914 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0452 | 2 Larry Wall, Redhat | 2 Perl, Enterprise Linux | 2026-04-16 | N/A |
| Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. | ||||
| CVE-2003-1242 | 1 Sage | 1 Sage | 2026-04-16 | N/A |
| Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message. | ||||
| CVE-2004-0454 | 1 Rlpr | 1 Rlpr | 2026-04-16 | N/A |
| Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 allows local users to execute arbitrary code. | ||||
| CVE-2003-1243 | 1 Sage | 1 Sage | 2026-04-16 | N/A |
| Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter. | ||||
| CVE-2005-1667 | 1 Datatrac | 1 Activity Console | 2026-04-16 | N/A |
| DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request. | ||||
| CVE-2003-1245 | 1 Mambo | 1 Mambo Site Server | 2026-04-16 | N/A |
| index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie. | ||||
| CVE-2003-1246 | 1 Pedestal Software | 1 Integrity Protection Driver | 2026-04-16 | N/A |
| NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command. | ||||
| CVE-2003-1248 | 1 Positive Software | 1 H-sphere | 2026-04-16 | N/A |
| H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request. | ||||
| CVE-2006-2969 | 1 L0j1k | 1 Tinymuw | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations. | ||||
| CVE-2006-2967 | 1 Syworks | 1 Safenet | 2026-04-16 | N/A |
| Syworks SafeNET allows local users to bypass restrictions on network resource consumption by editing the policy.dat file. | ||||
| CVE-2003-1280 | 1 Eekim | 1 Cgihtml | 2026-04-16 | N/A |
| Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a .. (dot dot) in multipart/form-data uploads. | ||||
| CVE-2003-1281 | 1 Eekim | 1 Cgihtml | 2026-04-16 | N/A |
| cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files. | ||||
| CVE-2006-2966 | 1 Particle Soft | 1 Particle Wiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains "/**/" comment sequences, which bypasses the XSS protection scheme. | ||||
| CVE-2003-1283 | 1 Kazaa | 1 Kazaa Media Desktop | 2026-04-16 | N/A |
| KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet Explorer (IE) local security zone, which could allow remote attackers to view local files and possibly execute arbitrary code. | ||||
| CVE-2003-1284 | 1 Sambar | 1 Sambar Server | 2026-04-16 | N/A |
| Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts (1) environ.pl and (2) testcgi.exe. | ||||
| CVE-2003-1285 | 1 Sambar | 1 Sambar Server | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl). | ||||
| CVE-2003-1286 | 1 Sambar | 1 Sambar Server | 2026-04-16 | N/A |
| HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests. | ||||
| CVE-2004-0462 | 2026-04-16 | N/A | ||
| The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server. | ||||
| CVE-2006-2965 | 1 Particle Soft | 1 Particle Whois | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the "input box." | ||||
| CVE-2006-2964 | 1 Xtreme Scripts | 1 Download Manager | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php. | ||||