Export limit exceeded: 359602 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359602 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1699 | 1 Pinnacle Systems | 1 Showcenter | 2026-04-16 | N/A |
| SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers to cause a denial of service (web interface errors) via an invalid Skin parameter. | ||||
| CVE-2005-3744 | 1 Phpcomasy | 1 Phpcomasy | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code suggests that there is no id parameter being handled directly by index.php. | ||||
| CVE-2005-3760 | 1 Ibm | 1 Websphere Application Server | 2026-04-16 | N/A |
| Double free vulnerability in the BBOORB module in IBM WebSphere Application Server for z/OS 5.0 allows attackers to cause a denial of service (ABEND). | ||||
| CVE-2004-1707 | 1 Oracle | 5 Application Server, Application Server Portal, Database Server Lite and 2 more | 2026-04-16 | N/A |
| The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. | ||||
| CVE-2004-1815 | 2 Macromedia, Sun | 3 Coldfusion, Jrun, One Application Server | 2026-04-16 | N/A |
| Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). | ||||
| CVE-2005-2946 | 2 Canonical, Openssl | 2 Ubuntu Linux, Openssl | 2026-04-16 | 7.5 High |
| The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature. | ||||
| CVE-2004-1834 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2026-04-16 | N/A |
| mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. | ||||
| CVE-2005-1617 | 1 Willings | 2 Webcam, Webcam Lite | 2026-04-16 | N/A |
| Willings WebCam and WebCam Lite 2.8 and earlier stores the password in memory in plaintext, which allows local users to gain sensitive information. | ||||
| CVE-2005-2953 | 1 Miva | 1 Miva Merchant | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merchant 5 allows remote attackers to inject arbitrary web script or HTML via the Customer_Login parameter. | ||||
| CVE-2004-1857 | 1 Hp | 1 Web Jetadmin | 2026-04-16 | N/A |
| Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter. | ||||
| CVE-2005-2955 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2026-04-16 | N/A |
| config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others. | ||||
| CVE-2005-2961 | 1 Prozilla | 1 Prozilla Download Accelerator | 2026-04-16 | N/A |
| Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag. | ||||
| CVE-2004-0673 | 1 Simm-comm | 1 Sci Photo Chat | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting error message. | ||||
| CVE-2004-0664 | 1 Powerportal | 1 Powerportal | 2026-04-16 | N/A |
| Directory traversal vulnerability in modules.php in PowerPortal 1.x allows remote attackers to list arbitrary directories via a .. (dot dot) in the files parameter. | ||||
| CVE-2005-2758 | 1 Symantec | 2 Antivirus Scan Engine, Antivirus Scan Engine For Network Attached Storage | 2026-04-16 | N/A |
| Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow. | ||||
| CVE-2004-0157 | 1 Xonix | 1 Xonix | 2026-04-16 | N/A |
| x11.c in xonix 1.4 and earlier uses the current working directory to find and execute the rmail program, which allows local users to execute arbitrary code by modifying the path to point to a malicious rmail program. | ||||
| CVE-2005-2656 | 1 Polygen | 1 Polygen | 2026-04-16 | N/A |
| Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities. | ||||
| CVE-2004-0159 | 1 Samhain Labs | 1 Hsftp | 2026-04-16 | N/A |
| Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command. | ||||
| CVE-2004-0162 | 3 Clearswift, F-secure, Paul L Daniels | 3 Mailsweeper, Internet Gatekeeper, Ripmime | 2026-04-16 | N/A |
| Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients. | ||||
| CVE-2005-2657 | 1 Common-lisp-controller | 1 Common-lisp-controller | 2026-04-16 | N/A |
| Unknown vulnerability in common-lisp-controller 4.18 and earlier allows local users to gain privileges by compiling arbitrary code in the cache directory, which is executed by another user if the user has not run Common Lisp before. | ||||