Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5484 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2454 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | N/A |
| IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder. | ||||
| CVE-2003-1541 | 1 Planetmoon | 1 Guestbook | 2025-04-03 | N/A |
| PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt. | ||||
| CVE-2003-1495 | 1 Hp | 3 Insight Management Suite, Insight Manager, Remote Diagnostics Enabling Agent | 2025-04-03 | N/A |
| Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors. | ||||
| CVE-2003-1474 | 1 Freebsd | 1 Slashem-tty | 2025-04-03 | N/A |
| slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris. | ||||
| CVE-2003-1423 | 4 Linux, Microsoft, Petitforum and 1 more | 4 Linux Kernel, All Windows, Petitforum and 1 more | 2025-04-03 | N/A |
| Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords. | ||||
| CVE-2003-1386 | 1 Axis | 2 2400 Video Server, 2401 Video Server | 2025-04-03 | N/A |
| AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file. | ||||
| CVE-2003-1383 | 1 Logicworks | 1 Web Erp | 2025-04-03 | N/A |
| WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password. | ||||
| CVE-2003-1356 | 1 Hp | 1 Hp-ux | 2025-04-03 | N/A |
| The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors. | ||||
| CVE-2006-2784 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-03 | N/A |
| The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site. | ||||
| CVE-2006-2775 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A |
| Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL. | ||||
| CVE-2006-2560 | 1 Sitecom | 2 Wl-153, Wl-153 Router Firmware | 2025-04-03 | N/A |
| Sitecom WL-153 router firmware before 1.38 allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | ||||
| CVE-2006-2530 | 1 Snitz Communications | 2 Avatar Mod, Snitz Forums 2000 | 2025-04-03 | N/A |
| avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product. | ||||
| CVE-2006-1735 | 2 Mozilla, Redhat | 5 Firefox, Mozilla Suite, Seamonkey and 2 more | 2025-04-03 | N/A |
| Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges. | ||||
| CVE-2003-1358 | 1 Hp | 1 Hp-ux | 2025-04-03 | N/A |
| rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program. | ||||
| CVE-2003-1346 | 1 D-link | 1 Dwl-900ap\+ | 2025-04-03 | N/A |
| D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager. | ||||
| CVE-2003-0497 | 1 Intersystems | 1 Cache Database | 2025-04-03 | N/A |
| Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs. | ||||
| CVE-2001-1371 | 1 Oracle | 1 Application Server | 2025-04-03 | N/A |
| The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. | ||||
| CVE-2001-0771 | 1 Spytech-web | 1 Spyanywhere | 2025-04-03 | N/A |
| Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator access via a single character in the "loginpass" field. | ||||
| CVE-1999-1383 | 2 Gnu, Tcsh | 2 Bash, Tcsh | 2025-04-03 | N/A |
| (1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable. | ||||
| CVE-2006-1174 | 2 Debian, Redhat | 2 Shadow, Enterprise Linux | 2025-04-03 | N/A |
| useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox. | ||||