Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1203 1 Mambo 1 Mambo Site Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter.
CVE-2001-0357 1 Matt Wright 1 Formmail 2026-04-16 N/A
FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.
CVE-2003-1204 1 Mambo 1 Mambo Site Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php.
CVE-2001-0370 1 Michael A. Gumienny 1 Fcheck 2026-04-16 N/A
fcheck prior to 2.57.59 calls the file signature checking program insecurely, which can allow a local user to run arbitrary commands via a file name that contains shell metacharacters.
CVE-2001-0371 1 Freebsd 1 Freebsd 2026-04-16 N/A
Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.
CVE-2003-1206 1 Crob 1 Crob Ftp Server 2026-04-16 N/A
Format string vulnerability in Crob FTP Server 2.60.1 allows remote attackers to cause a denial of service (crash) via "%s" or "%n" sequences in (1) the username during login, or other FTP commands such as (2) dir.
CVE-2001-0377 1 Infradig 1 Inframail 2026-04-16 N/A
Infradig Inframail prior to 3.98a allows a remote attacker to create a denial of service via a malformed POST request which includes a space followed by a large string.
CVE-2001-0392 1 Navision 1 Financials Server 2026-04-16 N/A
Navision Financials Server 2.60 and earlier allows remote attackers to cause a denial of service by sending a null character and a long string to the server port (2407), which causes the server to crash.
CVE-2003-1213 1 Maxwebportal 1 Maxwebportal 2026-04-16 N/A
The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb.
CVE-2003-1252 1 Kelli Shaver 1 S8forum 2026-04-16 N/A
register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using a "system($cmd)" E-mail address with a "any_name.php" username.
CVE-2001-0555 1 Screaming Media 1 Siteware 2026-04-16 N/A
ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.
CVE-2001-0560 2 Paul Vixie, Redhat 2 Vixie Cron, Linux 2026-04-16 N/A
Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).
CVE-2001-0561 1 Drummond Miles 1 A1stats 2026-04-16 N/A
Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi.
CVE-2005-3941 1 Greywyvern 1 Orca Blog 2026-04-16 N/A
SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter.
CVE-2001-0574 1 Jason Rahaim 1 Mp3mystic 2026-04-16 N/A
Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows a remote attacker to download arbitrary files via a '..' (dot dot) in the URL.
CVE-2003-1254 1 Active Php Bookmarks 1 Active Php Bookmarks 2026-04-16 N/A
Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute arbitrary PHP code via (1) head.php, (2) apb_common.php, or (3) apb_view_class.php by modifying the APB_SETTINGS parameter to reference a URL on a remote web server that contains the code.
CVE-2001-0587 1 Sco 1 Openserver 2026-04-16 N/A
deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.
CVE-2003-1261 1 Globalscape 1 Cuteftp 2026-04-16 N/A
Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a denial of service (crash) by copying a long URL into a clipboard.
CVE-2001-0589 1 Juniper 1 Netscreen Screenos 2026-04-16 N/A
NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns.
CVE-2003-1264 2 D-link, Longshine Technologie 2 Di-614\+, Longshine Wireless Ethernet Access Point 2026-04-16 N/A
TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication.