Search Results (364908 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1498 1 Webhost Automation 1 Helm Control Panel 2026-04-16 N/A
SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter.
CVE-2004-1501 1 Software602 1 602lan Suite 2026-04-16 N/A
The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) by sending a POST request with a large Content-Length value, then disconnecting without sending that amount of data.
CVE-2004-1508 1 Webcalendar 1 Webcalendar 2026-04-16 N/A
init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter.
CVE-2005-3048 1 Phpmyfaq 1 Phpmyfaq 2026-04-16 N/A
Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.
CVE-2004-1517 1 Zonelabs 1 Imsecure 2026-04-16 N/A
Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers to bypass Active Link Filtering via an instant message containing a URL with hex encoded file extensions.
CVE-2005-3050 1 Phpmyfaq 1 Phpmyfaq 2026-04-16 N/A
PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals the path in an error message.
CVE-2004-1519 1 Benjamin Curtis 1 Phpbugtracker 2026-04-16 N/A
SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bug_id parameter in a viewvotes operation or (2) the project parameter in an add operation.
CVE-2004-1524 1 New Media Generation 1 Hired Team Trial 2026-04-16 N/A
Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (game interruption) via a malformed UDP packet sent to a game port, such as port 29200.
CVE-2004-1526 1 New Media Generation 1 Hired Team Trial 2026-04-16 N/A
Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game players can kick other players off the server, including the administrator.
CVE-2005-3051 1 Igor Pavlov 1 7-zip 2026-04-16 N/A
Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for 7-Zip 3.13, 4.23, and 4.26 BETA, as used in products including Turbo Searcher, allows remote attackers to execute arbitrary code via a large ARJ block.
CVE-2004-1529 1 Rob Sutton 1 Php-nuke Event Calendar 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event comments.
CVE-2005-3052 1 Jportal 1 Jportal Web Portal 2026-04-16 N/A
SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the search field to download.php.
CVE-2004-1535 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code.
CVE-2004-1544 1 Jspwiki 1 Jspwiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter.
CVE-2005-3053 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local users to cause a denial of service (kernel BUG()) via a negative first argument.
CVE-2004-1553 1 Fullrevolution 1 Aspwebalbum 2026-04-16 N/A
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.
CVE-2005-3054 1 Php 1 Php 2026-04-16 N/A
fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.
CVE-2004-1561 1 Icecast 1 Icecast 2026-04-16 N/A
Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.
CVE-2004-1562 1 W-agora 1 W-agora 2026-04-16 N/A
SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2004-1570 1 Eaden Mckee 1 Bblog 2026-04-16 N/A
SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter.