Export limit exceeded: 366430 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366430 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1234 1 Freebsd 1 Freebsd 2026-04-16 N/A
Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.
CVE-2003-1236 1 Tanne 1 Tanne 2026-04-16 N/A
Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog.
CVE-2003-1237 1 Matt Wright 1 Wwwboard 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post.
CVE-2003-1238 1 Nuked-klan 1 Nuked-klan 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules.
CVE-2003-1239 1 Wihphoto 1 Wihphoto 2026-04-16 N/A
Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter.
CVE-2003-1240 1 Cutephp 1 Cutenews 2026-04-16 N/A
PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php.
CVE-2003-1241 1 Levcgi.com 1 Myguestbook 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters.
CVE-2003-1242 1 Sage 1 Sage 2026-04-16 N/A
Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message.
CVE-2003-1243 1 Sage 1 Sage 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter.
CVE-2003-1244 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
CVE-2003-1245 1 Mambo 1 Mambo Site Server 2026-04-16 N/A
index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie.
CVE-2003-1246 1 Pedestal Software 1 Integrity Protection Driver 2026-04-16 N/A
NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command.
CVE-2003-1247 1 Positive Software 1 H-sphere 2026-04-16 N/A
Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist.
CVE-2003-1248 1 Positive Software 1 H-sphere 2026-04-16 N/A
H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request.
CVE-2003-1249 1 Businessobjects 1 Webintelligence 2026-04-16 N/A
WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions.
CVE-2003-1250 1 Efficient Networks 1 5861 Dsl Router 2026-04-16 N/A
Efficient Networks 5861 DSL router, when running firmware 5.3.80 configured to block incoming TCP SYN, packets allows remote attackers to cause a denial of service (crash) via a flood of TCP SYN packets to the WAN interface using a port scanner such as nmap.
CVE-2003-1251 1 Nx 1 N X Web Content Management System 2002 2026-04-16 N/A
The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code.
CVE-2003-1252 1 Kelli Shaver 1 S8forum 2026-04-16 N/A
register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using a "system($cmd)" E-mail address with a "any_name.php" username.
CVE-2003-1271 1 An 1 An-http 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remote attackers to execute arbitrary web script or HTML as other users via a URL containing the script.
CVE-2003-1253 1 Sangwan Kim 1 Bookmark4u 2026-04-16 N/A
PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php.