Search Results (364818 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0484 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter.
CVE-2003-0485 1 Progress 1 4gl Compiler 2026-04-16 N/A
Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type.
CVE-2003-0486 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.
CVE-2003-0487 1 Kerio 1 Kerio Mailserver 2026-04-16 N/A
Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long folder parameter in the list module, and (4) a long user parameter in the do_map module.
CVE-2003-0488 1 Kerio 1 Kerio Mailserver 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module.
CVE-2003-0489 1 Michael C. Toren 1 Tcptraceroute 2026-04-16 N/A
tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute.
CVE-2003-0490 1 Dantz 1 Retrospect Client 2026-04-16 N/A
The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs with malicious code.
CVE-2003-0491 1 Mytutorials 1 Tutorials 2026-04-16 N/A
The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file.
CVE-2003-0492 1 Snitz Communications 1 Snitz Forums 2000 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter.
CVE-2003-0493 1 Snitz Communications 1 Snitz Forums 2000 2026-04-16 N/A
Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID.
CVE-2003-0494 1 Snitz Communications 1 Snitz Forums 2000 2026-04-16 N/A
password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id.
CVE-2003-0495 1 Ledscripts.com 1 Lednews 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote attackers to insert arbitrary web script via a news item.
CVE-2003-0496 1 Microsoft 2 Windows 2000, Windows 2000 Terminal Services 2026-04-16 N/A
Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
CVE-2003-0497 1 Intersystems 1 Cache Database 2026-04-16 N/A
Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.
CVE-2003-0498 1 Intersystems 1 Cache Database 2026-04-16 N/A
Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
CVE-2003-0499 1 Mantis 1 Mantis 2026-04-16 N/A
Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations.
CVE-2003-0500 1 Proftpd Project 1 Proftpd 2026-04-16 N/A
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
CVE-2003-0501 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Linux 2026-04-16 N/A
The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries.
CVE-2003-0502 1 Apple 1 Darwin Streaming Server 2026-04-16 N/A
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421.
CVE-2003-0503 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument.