Export limit exceeded: 364988 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364988 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364988 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364988 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1971 | 1 Oscar Fafian | 1 Video Gallery | 2026-04-16 | N/A |
| modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message. | ||||
| CVE-2004-1979 | 1 Props | 1 Props | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6.1 allows remote attackers to inject arbitrary HTML or web script via the search_string parameter. | ||||
| CVE-2005-3207 | 1 Oracle | 1 Forms | 2026-04-16 | N/A |
| The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command. | ||||
| CVE-2004-1987 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2026-04-16 | N/A |
| picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters. | ||||
| CVE-2004-1989 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc. | ||||
| CVE-2004-1996 | 1 Simple Machines | 1 Smf | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag. | ||||
| CVE-2004-2005 | 1 Qualcomm | 1 Eudora | 2026-04-16 | N/A |
| Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name. | ||||
| CVE-2004-2008 | 1 Adam Webb | 1 Nukejokes | 2026-04-16 | N/A |
| SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter. | ||||
| CVE-2004-2009 | 1 Adam Webb | 1 Nukejokes | 2026-04-16 | N/A |
| NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via (1) a direct call to mainfunctions.php, (2) an invalid jokeid parameter in a JokeView function or (3) an invalid cat parameter in a CatView function, which reveals the path in a PHP error message. | ||||
| CVE-2004-2011 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI. | ||||
| CVE-2004-2015 | 1 Webct | 1 Webct | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via (1) iframe, (2) img, or (3) object tags. | ||||
| CVE-2004-2016 | 1 Netchat | 1 Subnet Chat Application | 2026-04-16 | N/A |
| Stack-based buffer overflow in the HTTP server in NetChat 7.3 and earlier allows remote attackers to execute arbitrary code via a long GET request. | ||||
| CVE-2004-2017 | 1 Turbotraffictrader | 1 Turbotraffictrader C | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel. | ||||
| CVE-2004-2019 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message. | ||||
| CVE-2004-2020 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php. | ||||
| CVE-2005-3208 | 1 Aenovo | 3 Aenovo, Aenovoshop, Aenovowysi | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages. | ||||
| CVE-2005-4600 | 1 Moxiecode | 1 Tinymce Compressor Php | 2026-04-16 | N/A |
| Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter. | ||||
| CVE-2000-0201 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking. | ||||
| CVE-2004-2022 | 1 Activestate | 1 Activeperl | 2026-04-16 | N/A |
| ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl. | ||||
| CVE-2004-2031 | 1 E107 | 1 E107 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields. | ||||