Search Results (363820 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1663 5 Broadcom, Brocade, Engenio and 2 more 6 Fabric Operating System, Silkworm, Silkworm Fiber Channel Switch and 3 more 2026-04-16 N/A
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.
CVE-2005-3743 1 Simplepoll 1 Simplepoll 2026-04-16 N/A
SQL injection vulnerability in results.php in SimplePoll allows remote attackers to execute arbitrary SQL commands via the pollid parameter.
CVE-2004-1669 2 Icewarp, Merak 2 Web Mail, Mail Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1) User name parameter to accountsettings.html or (2) Search string parameter to search.html.
CVE-2005-2931 1 Ipswitch 2 Imail Server, Ipswitch Collaboration Suite 2026-04-16 N/A
Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands.
CVE-2004-1672 1 Icewarp 1 Web Mail 2026-04-16 N/A
attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request.
CVE-2005-2932 1 Checkpoint 2 Zonealarm, Zonealarm Security Suite 2026-04-16 N/A
Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls.
CVE-2004-1690 1 Rhinosoft 1 Dns4me 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL.
CVE-2004-1699 1 Pinnacle Systems 1 Showcenter 2026-04-16 N/A
SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers to cause a denial of service (web interface errors) via an invalid Skin parameter.
CVE-2005-3744 1 Phpcomasy 1 Phpcomasy 2026-04-16 N/A
SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code suggests that there is no id parameter being handled directly by index.php.
CVE-2005-3760 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Double free vulnerability in the BBOORB module in IBM WebSphere Application Server for z/OS 5.0 allows attackers to cause a denial of service (ABEND).
CVE-2004-1707 1 Oracle 5 Application Server, Application Server Portal, Database Server Lite and 2 more 2026-04-16 N/A
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
CVE-2004-1815 2 Macromedia, Sun 3 Coldfusion, Jrun, One Application Server 2026-04-16 N/A
Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
CVE-2005-2946 2 Canonical, Openssl 2 Ubuntu Linux, Openssl 2026-04-16 7.5 High
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
CVE-2004-1834 2 Apache, Redhat 2 Http Server, Enterprise Linux 2026-04-16 N/A
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
CVE-2005-1617 1 Willings 2 Webcam, Webcam Lite 2026-04-16 N/A
Willings WebCam and WebCam Lite 2.8 and earlier stores the password in memory in plaintext, which allows local users to gain sensitive information.
CVE-2005-2953 1 Miva 1 Miva Merchant 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merchant 5 allows remote attackers to inject arbitrary web script or HTML via the Customer_Login parameter.
CVE-2004-1857 1 Hp 1 Web Jetadmin 2026-04-16 N/A
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
CVE-2005-2955 1 Adaptive Technology Resource Centre 1 Atutor 2026-04-16 N/A
config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others.
CVE-2005-2961 1 Prozilla 1 Prozilla Download Accelerator 2026-04-16 N/A
Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag.
CVE-2004-0673 1 Simm-comm 1 Sci Photo Chat 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting error message.