Export limit exceeded: 364918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0194 1 Adobe 1 Acrobat Reader 2026-04-16 N/A
Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data.
CVE-2004-0197 1 Microsoft 1 Jet 2026-04-16 N/A
Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query.
CVE-2003-1289 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2026-04-16 N/A
The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory.
CVE-2003-1291 1 Vmware 1 Esx 2026-04-16 N/A
VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables.
CVE-2003-1292 1 Ashwebstudio 1 Ashnews 2026-04-16 N/A
PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php.
CVE-2003-1293 1 Nukedweb 1 Guestbookhost 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestBookHost allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Email and (3) Message fields when signing the guestbook.
CVE-2003-1294 2 Redhat, Xscreensaver 2 Enterprise Linux, Xscreensaver 2026-04-16 N/A
Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2003-1295 2 Redhat, Suse 2 Enterprise Linux, Suse Linux 2026-04-16 N/A
Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."
CVE-2003-1296 1 Efs Software 1 Efs Web Server 2026-04-16 N/A
Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated users to cause a denial of service via (1) an "empty symbol" in the Title field or (2) certain data in the Your Message field, possibly a long argument.
CVE-2003-1297 1 Efs Software 1 Efs Web Server 2026-04-16 N/A
Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log directory under the web root with insufficient access control, which allows remote attackers to obtain sensitive information including an SMTP account username and password hash, the server configuration, and server log files.
CVE-2003-1298 1 Anyportal Php 1 Anyportal Php 2026-04-16 N/A
Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with "./.." (dot slash dot dot).
CVE-2003-1299 1 Pablo Software Solutions 1 Baby Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in Baby FTP Server 1.2, and possibly other versions before May 31, 2003 allows remote authenticated users to list arbitrary directories and possibly read files via "..." (triple dot) manipulations to the CWD command.
CVE-2003-1300 1 Pablo Software Solutions 1 Baby Ftp Server 2026-04-16 N/A
Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May 31, 2003, allows remote attackers to cause a denial of service via a large number of connections from the same IP address, which triggers an access violation.
CVE-2003-1301 1 Sun 1 Jre 2026-04-16 N/A
Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses.
CVE-2003-1304 1 Early Impact 1 Productcart 2026-04-16 N/A
EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request.
CVE-2003-1305 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page.
CVE-2003-1307 1 Apache 1 Http Server 2026-04-16 N/A
The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.
CVE-2003-1308 1 Fvwm 1 Fvwm 2026-04-16 N/A
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
CVE-2003-1309 1 Zonelabs 1 Zonealarm 2026-04-16 N/A
The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").
CVE-2003-1310 1 Symantec 1 Norton Antivirus 2026-04-16 N/A
The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack").