Search Results (363284 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1517 1 Dansie 1 Shopping Cart 2026-04-16 N/A
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message.
CVE-2004-0903 4 Conectiva, Mozilla, Redhat and 1 more 9 Linux, Mozilla, Thunderbird and 6 more 2026-04-16 N/A
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
CVE-2001-1238 1 Microsoft 1 Windows 2000 2026-04-16 7.8 High
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.
CVE-2001-1243 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
CVE-2003-1519 1 Vivisimo 1 Clustering Engine 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine allows remote attackers to inject arbitrary web script or HTML via the query parameter to the search program.
CVE-2003-1525 1 My Photo Gallery 1 My Photo Gallery 2026-04-16 N/A
Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors.
CVE-2001-1249 1 Vwebserver 1 Vwebserver 2026-04-16 N/A
vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names.
CVE-2001-1262 1 Avaya 1 Argent Office 2026-04-16 N/A
Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string.
CVE-2001-1264 1 Hp 2 Hp-ux, Vvos 2026-04-16 N/A
Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.
CVE-2003-1527 2 Ibm, Iss 2 Internet Security Systems Blackice Defender, Blackice Server Protection 2026-04-16 N/A
BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets.
CVE-2001-1273 2 Linux, Redhat 2 Linux Kernel, Linux 2026-04-16 N/A
The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt).
CVE-2003-1530 1 Phpbb 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.
CVE-2001-1274 2 Oracle, Redhat 2 Mysql, Linux 2026-04-16 N/A
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
CVE-2003-1533 1 Phppass 1 Phppass 2026-04-16 N/A
SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.
CVE-2001-1275 2 Oracle, Redhat 2 Mysql, Linux 2026-04-16 N/A
MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
CVE-2003-1534 1 Justice Media 1 Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestbook 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) aim, (4) yim, (5) location, and (6) comment variables.
CVE-2001-1293 1 3com 1 3cr29223 2026-04-16 N/A
Buffer overflow in web server of 3com HomeConnect Cable Modem External with USB (#3CR29223) allows remote attackers to cause a denial of service (crash) via a long HTTP request.
CVE-2001-1294 1 Avtronics 1 Inetserv 2026-04-16 N/A
Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password.
CVE-2003-1535 1 Justice Media 1 Guestbook 2026-04-16 N/A
Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message.
CVE-2001-1297 1 Actionpoll 1 Actionpoll 2026-04-16 N/A
PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter.