Export limit exceeded: 344952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344952 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1213 | 1 Maxwebportal | 1 Maxwebportal | 2026-04-16 | N/A |
| The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb. | ||||
| CVE-2004-0255 | 1 Xlight Ftp Server | 1 Xlight Ftp Server | 2026-04-16 | N/A |
| Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . (dot) and / (slash) characters, which causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow. | ||||
| CVE-2003-1215 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter. | ||||
| CVE-2003-1216 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter. | ||||
| CVE-2003-1219 | 1 Oscommerce | 1 Oscommerce | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter. | ||||
| CVE-2004-0256 | 1 Gnu | 1 Libtool | 2026-04-16 | N/A |
| GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp. | ||||
| CVE-2003-1221 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions. | ||||
| CVE-2003-1226 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords. | ||||
| CVE-2003-1228 | 1 Mathopd | 1 Mathopd | 2026-04-16 | N/A |
| Buffer overflow in the prepare_reply function in request.c for Mathopd 1.2 through 1.5b13, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via an HTTP request with a long path. | ||||
| CVE-2004-0257 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2026-04-16 | N/A |
| OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port. | ||||
| CVE-2004-0451 | 2 Debian, Sup | 2 Debian Linux, Sup | 2026-04-16 | N/A |
| Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog. | ||||
| CVE-2003-1229 | 2 Oracle, Sun | 3 Jre, Java Web Start, Jsse | 2026-04-16 | N/A |
| X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files. | ||||
| CVE-2003-1231 | 1 Ecw-shop | 1 Ecw-shop | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | ||||
| CVE-2003-1237 | 1 Matt Wright | 1 Wwwboard | 2026-04-16 | N/A |
| Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post. | ||||
| CVE-2003-1238 | 1 Nuked-klan | 1 Nuked-klan | 2026-04-16 | N/A |
| Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules. | ||||
| CVE-2003-1239 | 1 Wihphoto | 1 Wihphoto | 2026-04-16 | N/A |
| Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter. | ||||
| CVE-2003-1240 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php. | ||||
| CVE-2003-1241 | 1 Levcgi.com | 1 Myguestbook | 2026-04-16 | N/A |
| Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters. | ||||
| CVE-2004-0452 | 2 Larry Wall, Redhat | 2 Perl, Enterprise Linux | 2026-04-16 | N/A |
| Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. | ||||
| CVE-2003-1242 | 1 Sage | 1 Sage | 2026-04-16 | N/A |
| Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message. | ||||