Export limit exceeded: 349895 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349895 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349895 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0299 | 1 Smallftpd | 1 Smallftpd | 2026-04-16 | N/A |
| Buffer overflow in smallftpd 0.99 allows local users to cause a denial of service (crash) via an FTP request with a large number of "/" (slash) characters. | ||||
| CVE-2004-0300 | 1 Ecommerce Corporation Online | 1 Store Kit | 2026-04-16 | N/A |
| SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php. | ||||
| CVE-2005-1920 | 3 Debian, Kde, Redhat | 3 Debian Linux, Kde, Enterprise Linux | 2026-04-16 | 7.5 High |
| The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information. | ||||
| CVE-2006-1654 | 1 Hp | 9 Color Laserjet, Color Laserjet 2500, Color Laserjet 2500 Toolbox and 6 more | 2026-04-16 | N/A |
| Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225. | ||||
| CVE-2006-2068 | 1 Hitachi | 9 Jp1-cm2-network Node Manager, Jp1-cm2-network Node Manager 250, Jpi Automatic Job Management System 2 and 6 more | 2026-04-16 | N/A |
| Unspecified vulnerability in Hitachi JP1 products allow remote attackers to cause a denial of service (application stop or fail) via unexpected requests or data. | ||||
| CVE-2004-0303 | 1 Fools Workshop | 1 Owls Workshop | 2026-04-16 | N/A |
| OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd. | ||||
| CVE-2004-0305 | 1 Webcortex | 1 Webstores 2000 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in error.asp in WebCortex WebStores 2000 6.0 allows remote attackers to execute arbitrary script as other users and steal session IDs via the Message_id parameter. | ||||
| CVE-2004-0307 | 1 Cisco | 1 Optical Networking Systems Software | 2026-04-16 | N/A |
| Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allows remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead. | ||||
| CVE-2004-0308 | 1 Cisco | 1 Optical Networking Systems Software | 2026-04-16 | N/A |
| Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks shell. | ||||
| CVE-2006-1655 | 1 Mpg123 | 1 Mpg123 | 2026-04-16 | N/A |
| Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear. | ||||
| CVE-2004-0310 | 1 Livejournal | 1 Livejournal | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 allows remote attackers to execute Javascript as other users via the stylesheet, which does not strip the semicolon or parentheses, as demonstrated using a background:url. | ||||
| CVE-2004-0311 | 1 Apc | 1 Ap9606 | 2026-04-16 | N/A |
| American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access. | ||||
| CVE-2004-0312 | 1 Linksys | 1 Wap55ag | 2026-04-16 | N/A |
| Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write communtiy strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2. | ||||
| CVE-2004-0313 | 1 Psoproxy | 1 Psoproxy Server | 2026-04-16 | N/A |
| Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request, as demonstrated using a long (1) GET argument or (2) method name. | ||||
| CVE-2004-0314 | 1 Freewebs | 1 Webzedit | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter. | ||||
| CVE-2004-0315 | 1 Avirt | 1 Voice | 2026-04-16 | N/A |
| Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long GET request on port 1080. | ||||
| CVE-2004-0316 | 1 Avirt | 1 Avirt Soho | 2026-04-16 | N/A |
| Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a denial of service (crash) via (1) a large GET request to port 1080 or (2) a large GET request of % characters to port 8080. | ||||
| CVE-2004-0317 | 1 Platform | 1 Lsf | 2026-04-16 | N/A |
| Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x allows local users or remote attackers within the LSF cluster to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long LSF_From_PC parameter. | ||||
| CVE-2005-1921 | 6 Debian, Drupal, Gggeek and 3 more | 6 Debian Linux, Drupal, Phpxmlrpc and 3 more | 2026-04-16 | N/A |
| Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement. | ||||
| CVE-2004-0324 | 1 Confirm | 1 Confirm | 2026-04-16 | N/A |
| Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $. | ||||