Export limit exceeded: 347803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347803 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0715 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges. | ||||
| CVE-2005-2962 | 1 Ntlmaps | 1 Ntlmaps | 2026-04-16 | N/A |
| The post-installation script for ntlmaps before 0.9.9 sets world-readable permissions for the configuration file, which allows local users to obtain the username and password. | ||||
| CVE-2005-3578 | 1 Walla Telesite | 1 Walla Telesite | 2026-04-16 | N/A |
| SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary SQL commands via the sug parameter. | ||||
| CVE-2005-3763 | 1 Exponent | 1 Exponent | 2026-04-16 | N/A |
| Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resultant from an absolute path traversal vulnerability. | ||||
| CVE-2000-1017 | 1 Webteacher | 1 Webdata | 2026-04-16 | N/A |
| Webteachers Webdata allows remote attackers with valid Webdata accounts to read arbitrary files by posting a request to import the file into the WebData database. | ||||
| CVE-2004-0723 | 1 Microsoft | 1 Java Virtual Machine | 2026-04-16 | N/A |
| Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the "GET/Key" and "PUT/Key/Value" commands, aka "cross-site Java." | ||||
| CVE-2005-2963 | 1 Mod Auth Shadow | 1 Mod Auth Shadow | 2026-04-16 | N/A |
| The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions. | ||||
| CVE-2005-3579 | 1 Walla Telesite | 1 Walla Telesite | 2026-04-16 | N/A |
| ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to access arbitrary local files via the querystring. | ||||
| CVE-2005-3961 | 1 Webcalendar | 1 Webcalendar | 2026-04-16 | N/A |
| export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter. | ||||
| CVE-2000-1018 | 1 Mendel Cooper | 1 Shred | 2026-04-16 | N/A |
| shred 1.0 file wiping utility does not properly open a file for overwriting or flush its buffers, which prevents shred from properly replacing the file's data and allows local users to recover the file. | ||||
| CVE-2005-2964 | 1 Abisource | 1 Community Abiword | 2026-04-16 | N/A |
| Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism. | ||||
| CVE-2000-1019 | 1 Inktomi | 1 Search Software | 2026-04-16 | N/A |
| Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows remote attackers to cause a denial of service via a malformed URL. | ||||
| CVE-2004-0730 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php. | ||||
| CVE-2005-2966 | 1 Dia | 1 Dia | 2026-04-16 | N/A |
| The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file. | ||||
| CVE-2005-3580 | 1 Qdbm | 1 Qdbm | 2026-04-16 | N/A |
| QDBM before 1.8.33-r2 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime. | ||||
| CVE-2004-0536 | 2 Redhat, Tripwire | 2 Enterprise Linux, Tripwire | 2026-04-16 | N/A |
| Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report. | ||||
| CVE-2000-0880 | 1 Plus Technologies | 1 Lpplus | 2026-04-16 | N/A |
| LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file. | ||||
| CVE-2000-0879 | 1 Plus Technologies | 1 Lpplus | 2026-04-16 | N/A |
| LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services. | ||||
| CVE-2004-0535 | 7 Conectiva, Engardelinux, Gentoo and 4 more | 18 Linux, Secure Community, Secure Linux and 15 more | 2026-04-16 | N/A |
| The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources. | ||||
| CVE-2000-0874 | 1 Qualcomm | 1 Eudora | 2026-04-16 | N/A |
| Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF). | ||||