Export limit exceeded: 364908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364908 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1579 1 Devellion 1 Cubecart 2026-04-16 N/A
index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message.
CVE-2004-1588 1 Gosmart 1 Gosmart Message Board 2026-04-16 N/A
SQL injection vulnerability in GoSmart Message Board allows remote attackers to execute arbitrary SQL code via the (1) QuestionNumber and Category parameters to Forum.asp or (2) Username and Password parameter to Login_Exec.asp.
CVE-2004-1596 1 3com 1 3cradsl72 2026-04-16 N/A
The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm.
CVE-2004-1598 1 Adobe 2 Acrobat, Acrobat Reader 2026-04-16 N/A
Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read arbitrary files via a PDF file that contains an embedded Shockwave (swf) file that references files outside of the temporary directory.
CVE-2004-1603 1 Cpanel 1 Cpanel 2026-04-16 5.5 Medium
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
CVE-2004-1606 2 Best Software, Saleslogix Corporation 2 Saleslogix, Saleslogix 2026-04-16 N/A
slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie.
CVE-2005-3058 1 Fortinet 2 Fortigate, Fortios 2026-04-16 N/A
Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616.
CVE-2004-1613 3 Mozilla, Redhat, Sgi 7 Mozilla, Enterprise Linux, Enterprise Linux Desktop and 4 more 2026-04-16 N/A
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.
CVE-2005-3067 1 Scriptsolutions 1 Perldiver 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver 2.x allows remote attackers to inject arbitrary web script or HTML via the module parameter.
CVE-2004-1614 1 Mozilla 1 Mozilla 2026-04-16 N/A
Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.
CVE-2004-1616 1 Links 1 Links 2026-04-16 N/A
Links allows remote attackers to cause a denial of service (memory consumption) via a web page or HTML email that contains a table with a td element and a large rowspan value,as demonstrated by mangleme.
CVE-2005-3073 1 Interchange Development Group 1 Interchange 2026-04-16 N/A
Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the forum/submit.html page.
CVE-2004-1617 1 University Of Kansas 1 Lynx 2026-04-16 N/A
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
CVE-2004-1622 1 Ubbcentral 1 Ubb.threads 2026-04-16 N/A
SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter.
CVE-2004-1630 1 Openwfe 1 Work Flow Engine 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter.
CVE-2005-3077 1 Microsoft 1 Ie For Macintosh 2026-04-16 N/A
Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI.
CVE-2004-1635 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails.
CVE-2005-3082 1 Seo-board 1 Seo-board 2026-04-16 N/A
SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows remote attackers to execute arbitrary SQL commands via the user_pass_sha1 value in a cookie.
CVE-2004-1638 1 Tabs Laboratories 1 Mailcarrier 2026-04-16 N/A
Buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long (1) EHLO and possibly (2) HELO command.
CVE-2004-1648 1 Web Animations 1 Password Protect 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter.