Export limit exceeded: 344927 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344927 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-0488 | 1 Kerio | 1 Kerio Mailserver | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module. | ||||
| CVE-2003-0489 | 1 Michael C. Toren | 1 Tcptraceroute | 2026-04-16 | N/A |
| tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute. | ||||
| CVE-2003-0495 | 1 Ledscripts.com | 1 Lednews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote attackers to insert arbitrary web script via a news item. | ||||
| CVE-2003-0496 | 1 Microsoft | 2 Windows 2000, Windows 2000 Terminal Services | 2026-04-16 | N/A |
| Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file. | ||||
| CVE-2003-1500 | 1 Cpcommerce | 1 Cpcommerce | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter. | ||||
| CVE-2004-0332 | 1 Extremail | 1 Extremail | 2026-04-16 | N/A |
| Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges. | ||||
| CVE-2003-0497 | 1 Intersystems | 1 Cache Database | 2026-04-16 | N/A |
| Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs. | ||||
| CVE-2003-1501 | 1 Gast Arbeiter | 1 Gast Arbeiter | 2026-04-16 | N/A |
| Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter. | ||||
| CVE-2004-0333 | 4 Gentoo, Openpkg, Uudeview and 1 more | 4 Linux, Openpkg, Uudeview and 1 more | 2026-04-16 | N/A |
| Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters. | ||||
| CVE-2003-0499 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations. | ||||
| CVE-2003-1502 | 1 Snert.com | 1 Mod Throttle | 2026-04-16 | N/A |
| mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges. | ||||
| CVE-2003-0501 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Linux | 2026-04-16 | N/A |
| The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries. | ||||
| CVE-2003-0502 | 1 Apple | 1 Darwin Streaming Server | 2026-04-16 | N/A |
| Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421. | ||||
| CVE-2003-0503 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument. | ||||
| CVE-2003-1503 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name. | ||||
| CVE-2003-0504 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module. | ||||
| CVE-2003-0505 | 1 Microsoft | 1 Netmeeting | 2026-04-16 | N/A |
| Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request. | ||||
| CVE-2003-0508 | 1 Adobe | 1 Acrobat Reader | 2026-04-16 | N/A |
| Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link. | ||||
| CVE-2003-0509 | 1 Cyberstrong | 1 Eshop | 2026-04-16 | N/A |
| SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp. | ||||
| CVE-2003-0510 | 1 Ezbounce | 1 Ezbounce | 2026-04-16 | N/A |
| Format string vulnerability in ezbounce 1.0 through 1.50 allows remote attackers to execute arbitrary code via the "sessions" command. | ||||