Export limit exceeded: 364860 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364860 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1381 | 1 Mozilla | 2 Firefox, Mozilla | 2026-04-16 | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks. | ||||
| CVE-2004-1383 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php. | ||||
| CVE-2005-3017 | 1 Content2web | 1 Content2web | 2026-04-16 | N/A |
| PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 allows remote attackers to include arbitrary files via the show parameter, which can lead to resultant errors such as path disclosure, SQL error messages, and cross-site scripting (XSS). | ||||
| CVE-2006-0138 | 1 Amsn | 1 Amsn | 2026-04-16 | N/A |
| aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891). | ||||
| CVE-2006-0157 | 1 Reamday Enterprises | 1 Magic News Plus | 2026-04-16 | N/A |
| settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters. | ||||
| CVE-2004-1384 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php. | ||||
| CVE-2005-3019 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php. | ||||
| CVE-2005-4560 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com. | ||||
| CVE-2004-1389 | 1 Veritas | 1 Netbackup | 2026-04-16 | N/A |
| Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature. | ||||
| CVE-2005-3020 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php. | ||||
| CVE-2004-1396 | 1 Nullsoft | 1 Winamp | 2026-04-16 | N/A |
| Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file. | ||||
| CVE-2004-1397 | 1 Usemod | 1 Usemodwiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via an argument to wiki.pl. | ||||
| CVE-2005-3021 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action. | ||||
| CVE-2004-1398 | 1 Roxio | 1 Toast | 2026-04-16 | N/A |
| Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument. | ||||
| CVE-2005-4564 | 1 Adtran | 1 Netvanta | 2026-04-16 | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to cause a denial of service via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | ||||
| CVE-2004-1404 | 1 Opentools | 1 Attachment Mod | 2026-04-16 | N/A |
| Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code. | ||||
| CVE-2005-4565 | 1 Adtran | 1 Netvanta | 2026-04-16 | N/A |
| Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | ||||
| CVE-2004-1304 | 3 File, Gentoo, Trustix | 3 File, Linux, Secure Linux | 2026-04-16 | N/A |
| Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file. | ||||
| CVE-2004-1302 | 1 Yamt | 1 Yamt | 2026-04-16 | N/A |
| The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag. | ||||
| CVE-2005-2979 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in phpoutsourcing Noah's classifieds allows remote attackers to execute arbitrary SQL commands via the rollid parameter. | ||||