Export limit exceeded: 364917 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364917 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-0027 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| root privileges via buffer overflow in eject command on SGI IRIX systems. | ||||
| CVE-1999-0028 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| root privileges via buffer overflow in login/scheme command on SGI IRIX systems. | ||||
| CVE-2004-1929 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. | ||||
| CVE-2004-1926 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | N/A |
| Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation. | ||||
| CVE-2004-1925 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php. | ||||
| CVE-2004-1895 | 1 Suse | 1 Suse Linux | 2026-04-16 | N/A |
| YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies. | ||||
| CVE-2004-1902 | 1 Citrix | 1 Metaframe Password Manager | 2026-04-16 | N/A |
| The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information. | ||||
| CVE-2005-3180 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2004-1906 | 1 Mcafee | 1 Freescan | 2026-04-16 | N/A |
| Mcafee FreeScan allows remote attackers to cause a denial of service and possibly arbitrary code via a long string in the ScanParam property of a COM object, which may trigger a buffer overflow. | ||||
| CVE-1999-1246 | 1 Microsoft | 1 Site Server | 2026-04-16 | N/A |
| Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges. | ||||
| CVE-1999-1249 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges. | ||||
| CVE-2004-1910 | 1 Symantec | 1 Security Check Virus Detection | 2026-04-16 | N/A |
| rufsi.dll in Symantec Virus Detection allows remote attackers to cause a denial of service (crash) via a long string to the GetPrivateProfileString function. NOTE: this issue was originally reported as a buffer overflow, but that specific claim is disputed by the vendor, although a crash is acknowledged. | ||||
| CVE-2004-1912 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2026-04-16 | N/A |
| The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message. | ||||
| CVE-2005-3182 | 1 Gfi | 1 Mailsecurity | 2026-04-16 | N/A |
| Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. NOTE: the vendor suggests that this issues is "in an underlying Microsoft technology" which, if true, could mean that the overflow affects other products as well. | ||||
| CVE-2004-1913 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter. | ||||
| CVE-2005-3189 | 1 Qualcomm | 1 Worldmail Imap Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Qualcomm WorldMail IMAP Server allows remote attackers to read arbitrary email messages via ".." sequences in the SELECT command. | ||||
| CVE-2004-1914 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2026-04-16 | N/A |
| SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter. | ||||
| CVE-2004-1919 | 1 Crackalaka | 1 Crackalaka | 2026-04-16 | N/A |
| The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote attackers to cause a denial of service (crash) via large malformed strings. | ||||
| CVE-2005-4596 | 1 Ades Design | 1 Adesguestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_rsRead parameter. | ||||
| CVE-2005-3191 | 2 Redhat, Xpdf | 2 Enterprise Linux, Xpdf | 2026-04-16 | N/A |
| Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. | ||||