Export limit exceeded: 364988 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364988 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364988 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364988 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1971 1 Oscar Fafian 1 Video Gallery 2026-04-16 N/A
modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message.
CVE-2004-1979 1 Props 1 Props 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6.1 allows remote attackers to inject arbitrary HTML or web script via the search_string parameter.
CVE-2005-3207 1 Oracle 1 Forms 2026-04-16 N/A
The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command.
CVE-2004-1987 2 Coppermine, Francisco Burzi 2 Coppermine Photo Gallery, Php-nuke 2026-04-16 N/A
picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters.
CVE-2004-1989 2 Coppermine, Francisco Burzi 2 Coppermine Photo Gallery, Php-nuke 2026-04-16 N/A
PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.
CVE-2004-1996 1 Simple Machines 1 Smf 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag.
CVE-2004-2005 1 Qualcomm 1 Eudora 2026-04-16 N/A
Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name.
CVE-2004-2008 1 Adam Webb 1 Nukejokes 2026-04-16 N/A
SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter.
CVE-2004-2009 1 Adam Webb 1 Nukejokes 2026-04-16 N/A
NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via (1) a direct call to mainfunctions.php, (2) an invalid jokeid parameter in a JokeView function or (3) an invalid cat parameter in a CatView function, which reveals the path in a PHP error message.
CVE-2004-2011 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI.
CVE-2004-2015 1 Webct 1 Webct 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via (1) iframe, (2) img, or (3) object tags.
CVE-2004-2016 1 Netchat 1 Subnet Chat Application 2026-04-16 N/A
Stack-based buffer overflow in the HTTP server in NetChat 7.3 and earlier allows remote attackers to execute arbitrary code via a long GET request.
CVE-2004-2017 1 Turbotraffictrader 1 Turbotraffictrader C 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel.
CVE-2004-2019 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message.
CVE-2004-2020 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php.
CVE-2005-3208 1 Aenovo 3 Aenovo, Aenovoshop, Aenovowysi 2026-04-16 N/A
Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages.
CVE-2005-4600 1 Moxiecode 1 Tinymce Compressor Php 2026-04-16 N/A
Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.
CVE-2000-0201 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.
CVE-2004-2022 1 Activestate 1 Activeperl 2026-04-16 N/A
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.
CVE-2004-2031 1 E107 1 E107 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields.