Search Results (364861 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1407 1 Singapore 1 Image Gallery Web Application 2026-04-16 N/A
Multiple directory traversal vulnerabilities in singapore Image Gallery Web Application 0.9.10 allow remote attackers to (1) read arbitrary files via the showThumb method for thumb.php, or (2) delete arbitrary files via admin.class.php.
CVE-2005-2991 1 Ncompress 1 Ncompress 2026-04-16 5.0 Medium
ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.
CVE-2005-2996 1 Symantec Veritas 2 Storage Exec, Storagecentral 2026-04-16 N/A
Multiple heap-based and stack-based buffer overflows in certain DCOM server components in VERITAS Storage Exec Storage Exec 5.3 before Hotfix 9 and StorageCentral 5.2 before Hot Fix 2 allow remote attackers to execute arbitrary code via certain ActiveX controls.
CVE-2005-2997 1 Bugada Andrea 1 Php Advanced Transfer Manager 2026-04-16 N/A
Multiple directory traversal vulnerabilities in PHP Advanced Transfer Manager 1.30 allow remote attackers to read arbitrary files via ".." sequences in (1) the currentdir parameter to txt.php, or the current_dir parameter to (2) htm.php or (3) html.php.
CVE-2004-1307 11 Apple, Avaya, Conectiva and 8 more 20 Mac Os X, Mac Os X Server, Call Management System Server and 17 more 2026-04-16 N/A
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
CVE-2004-1309 1 Mplayer 1 Unix Mplayer 2026-04-16 N/A
Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Unix MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a bitmap (BMP) file containing a large biClrUsed field.
CVE-2004-1317 1 Netcat 1 Netcat 2026-04-16 N/A
Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command.
CVE-2005-3007 1 Opera 1 Opera Browser 2026-04-16 N/A
Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content.
CVE-1999-1149 1 Computer Software Manufaktur 1 Csm Proxy 2026-04-16 N/A
Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a denial of service (crash) via a long string to the FTP port.
CVE-2005-3008 1 Amar Sagoo 1 Tofu 2026-04-16 N/A
Tofu 0.2 allows remote attackers to execute arbitrary Python code via crafted pickled objects, which Tofu unpickles and executes.
CVE-2006-0133 1 Ibm 1 Aix 2026-04-16 N/A
Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a different vulnerability than CVE-2005-4273.
CVE-2000-0395 1 Computalynx 1 Cproxy Server 2026-04-16 N/A
Buffer overflow in CProxy 3.3 allows remote users to cause a denial of service via a long HTTP request.
CVE-2005-3009 1 Cutephp 1 Cutenews 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CuteNews allows remote attackers to inject arbitrary web script or HTML via the mod parameter to index.php.
CVE-2004-1319 2 Microsoft, Nortel 9 Windows 2000, Windows 2003 Server, Windows 98 and 6 more 2026-04-16 N/A
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
CVE-2006-0134 1 Thewebforum 1 Thewebforum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter.
CVE-2004-1322 1 Cisco 1 Unity Server 2026-04-16 N/A
Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
CVE-2004-1325 1 Microsoft 1 Windows Media Player 2026-04-16 N/A
The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system.
CVE-2004-1334 2 Linux, Redhat 3 Linux Kernel, Fedora Core, Linux 2026-04-16 N/A
Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow.
CVE-2004-1335 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Fedora Core and 1 more 2026-04-16 N/A
Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.
CVE-2004-1338 1 Oracle 2 Database Server, Oracle9i 2026-04-16 N/A
The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.