Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2003-1345 Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter. | N/A | NONE | — | 0 |
| CVE-2003-1346 D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager. | N/A | NONE | — | 0 |
| CVE-2003-1347 Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profil... | N/A | NONE | — | 0 |
| CVE-2026-27599 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to proper... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-46504 Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius Vasaio QR Code vasaio-qr-code allows Stored XSS.This issue affects Vasaio QR Code: from n/a through <= 1.2.5. | 7.1 | HIGH | — | 0 |
| CVE-2010-4622 Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (en... | N/A | NONE | — | 0 |
| CVE-2026-28228 OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author rol... | 8.8 | HIGH | — | 0 |
| CVE-2003-1348 Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field. | N/A | NONE | — | 0 |
| CVE-2003-1349 Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command. | N/A | NONE | — | 0 |
| CVE-2003-1350 List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field. | N/A | NONE | — | 0 |
| CVE-2003-1351 Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter. | N/A | NONE | — | 0 |
| CVE-2003-1352 Gabber 0.8.7 sends an email to a specific address during user login and logout, which allows remote attackers to obtain user session activity and Gabber version number by sniffing. | N/A | NONE | — | 0 |
| CVE-2003-1353 Multiple cross-site scripting (XSS) vulnerabilities in Outreach Project Tool (OPT) 0.946b allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the news field. | N/A | NONE | — | 0 |
| CVE-2026-32696 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication), when a client connects to the broker using MQTT CON... | 3.1 | LOW | — | 0 |
| CVE-2026-32877 Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded value... | 8.2 | HIGH | — | 0 |
| CVE-2003-1354 Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UD... | N/A | NONE | — | 0 |
| CVE-2003-1355 Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 and 1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long user name and p... | N/A | NONE | — | 0 |
| CVE-2006-2997 Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search fi... | N/A | NONE | — | 0 |
| CVE-2026-31946 OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow imp... | 9.8 | CRITICAL | — | 0 |
| CVE-2003-1356 The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors. | N/A | NONE | — | 0 |
| CVE-2003-1357 ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access. | N/A | NONE | — | 0 |
| CVE-2003-1358 rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by mod... | N/A | NONE | — | 0 |
| CVE-2003-1359 Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument. | N/A | NONE | — | 0 |
| CVE-2005-4849 Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function... | N/A | NONE | — | 0 |
| CVE-2003-1360 Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable. | N/A | NONE | — | 0 |
| CVE-2003-1361 Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server. | N/A | NONE | — | 0 |
| CVE-2003-1362 Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of sy... | N/A | NONE | — | 0 |
| CVE-2003-1363 The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mou... | N/A | NONE | — | 0 |
| CVE-2003-1364 Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection o... | N/A | NONE | — | 0 |
| CVE-2003-1365 The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or ... | N/A | NONE | — | 0 |
| CVE-2003-1366 chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. | N/A | NONE | — | 0 |
| CVE-2003-1367 The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mail... | N/A | NONE | — | 0 |
| CVE-2003-1368 Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner. | N/A | NONE | — | 0 |
| CVE-2003-1369 Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner. | N/A | NONE | — | 0 |
| CVE-2005-4850 eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users. | N/A | NONE | — | 0 |
| CVE-2003-1370 Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b allow remote attackers to inject arbitrary HTML or web script via (1) the Author field in the Guestbook module, (2) the Titre or ... | N/A | NONE | — | 0 |
| CVE-2003-1371 Nuked-Klan 1.3b, and possibly earlier versions, allows remote attackers to obtain sensitive server information via an op parameter set to phpinfo for the (1) Team, (2) News, or (3) Liens modules. | N/A | NONE | — | 0 |
| CVE-2003-1372 Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (... | N/A | NONE | — | 0 |
| CVE-2003-1373 Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in ... | N/A | NONE | — | 0 |
| CVE-2003-1374 Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2)-c options. | N/A | NONE | — | 0 |
| CVE-2024-21746 Authentication Bypass by Spoofing vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Identity Spoofing.This issue affects Wp Ultimate Review: from n/a through <= 2.3.6. | 5.3 | MEDIUM | — | 0 |
| CVE-2003-1375 Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument. | N/A | NONE | — | 0 |
| CVE-2003-1376 WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state... | N/A | NONE | — | 0 |
| CVE-2003-1377 Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname. | N/A | NONE | — | 0 |
| CVE-2003-1378 Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to ... | N/A | NONE | — | 0 |
| CVE-2003-1379 clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals ... | N/A | NONE | — | 0 |
| CVE-2003-1380 Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @... | N/A | NONE | — | 0 |
| CVE-2003-1381 Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say ... | N/A | NONE | — | 0 |
| CVE-2003-1382 Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields. | N/A | NONE | — | 0 |
| CVE-2003-1383 WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.