Search Results (365174 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0909 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability."
CVE-2003-0913 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access."
CVE-2005-1374 1 Claroline 1 Claroline 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php.
CVE-2003-0928 1 Clearswift 1 Mailsweeper 2026-04-16 N/A
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy.
CVE-2003-0932 1 Omega-rpg 1 Omega-rpg 2026-04-16 N/A
Buffer overflow in omega-rpg 0.90 allows local users to execute arbitrary code via a long (1) command line or (2) environment variable.
CVE-2005-1377 1 Claroline 1 Claroline 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors.
CVE-2006-4757 1 E107 1 E107 2026-04-16 N/A
Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access."
CVE-2003-0940 1 Sap 1 Sap Db 2026-04-16 N/A
Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB before 7.4.03.30 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.
CVE-2003-0692 2 Kde, Redhat 3 Kde, Enterprise Linux, Linux 2026-04-16 N/A
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.
CVE-2000-0391 3 Cygnus, Mit, Redhat 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more 2026-04-16 N/A
Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.
CVE-2005-1304 1 Citat.pl 1 Citat.pl 2026-04-16 N/A
The citat.pl script allows remote attackers to execute arbitrary files via shell metacharacters in the argument.
CVE-2000-0389 3 Cygnus, Mit, Redhat 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more 2026-04-16 N/A
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.
CVE-2005-1303 1 Citat.pl 1 Citat.pl 2026-04-16 N/A
The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument.
CVE-2000-0382 1 Allaire 1 Clustercats 2026-04-16 N/A
ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site.
CVE-2006-4749 1 Bugada Andrea 1 Php Advanced Transfer Manager 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594.
CVE-2005-1302 1 Swsoft 1 Confixx 2026-04-16 N/A
SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field.
CVE-2003-0664 1 Microsoft 2 Word, Works 2026-04-16 N/A
Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
CVE-2006-4748 1 F-art Agency 1 Blog Cms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) xagent, (2) xpath, (3) xreferer, and (4) xdns parameters in (a) admin/plugins/NP_Log.php, and the (5) pitem parameter in (b) admin/plugins/NP_Poll.php; and allow remote authenticated users to execute arbitrary SQL commands via the (6) pageRef parameter in (c) admin/plugins/NP_Referrer.php.
CVE-2005-1301 1 Nprotect 1 Netizen 2026-04-16 N/A
nProtect:Netizen 2005.3.17.1 does not properly verify that the update module is downloaded from an authorized site, which allows remote malicious web sites to write arbitrary files.
CVE-2005-1300 1 Inserter.cgi 1 Inserter.cgi 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.