Filtered by NVD-CWE-Other
Total 29947 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2003-0605 1 Microsoft 1 Windows 2000 2026-04-16 N/A
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
CVE-2003-0614 1 Gallery Project 1 Gallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
CVE-2005-2765 1 Microsoft 2 Windows 2003 Server, Windows Xp 2026-04-16 N/A
The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the Windows Firewall interface to monitor exceptions. NOTE: the vendor disputes this issue, saying that since administrative privileges are already required, it is not a vulnerability. CVE has not yet formally decided if such "information hiding" issues should be included.
CVE-2005-2769 1 Inter7 1 Sqwebmail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail.
CVE-2003-0622 1 Bea 2 Tuxedo, Weblogic Server 2026-04-16 N/A
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
CVE-2003-0620 1 Andries Brouwer 1 Man 2026-04-16 N/A
Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable.
CVE-2003-0626 1 Peoplesoft 1 Peopletools 2026-04-16 N/A
psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to read arbitrary files via the (1) headername or (2) footername arguments.
CVE-2005-2770 1 Wrq 1 Wrq Reflection For Secure It Windows Server 2026-04-16 N/A
WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) does not properly handle when the Windows Administrator or Guest accounts are renamed after SSH key authentication has been configured, which allows remote attackers to use the original names during login.
CVE-2003-0632 1 Oracle 2 Applications, E-business Suite 2026-04-16 N/A
Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL.
CVE-2003-0633 1 Oracle 2 Applications, E-business Suite 2026-04-16 N/A
Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key.
CVE-2005-2772 1 University Of Minnesota 1 Gopher 2026-04-16 N/A
Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as a web browser from a web link, which is not properly handled in the FIOgetargv function.
CVE-2006-0899 1 4images 1 Image Gallery Management System 2026-04-16 N/A
Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via ".." (dot dot) sequences in the template parameter.
CVE-2003-0649 1 Xpcd 1 Xpcd 2026-04-16 N/A
Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local users to execute arbitrary code via a long HOME environment variable.
CVE-2005-2803 1 Hiki 1 Hiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005-2336.
CVE-2005-2808 1 Frox 1 Frox 2026-04-16 N/A
frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, which might allow attackers to bypass intended restrictions and access blocked hosts.
CVE-2005-2815 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.
CVE-2006-0913 1 Mozilla 1 Bugzilla 2026-04-16 N/A
SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.
CVE-2006-0915 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error.
CVE-2005-2831 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.
CVE-2003-0775 2 Redhat, Sane 4 Enterprise Linux, Linux, Sane and 1 more 2026-04-16 N/A
saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).