Export limit exceeded: 364784 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364784 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2843 1 Helpdesk Software 1 Hesk 2026-04-16 N/A
Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php.
CVE-2006-0111 1 Boxcar Media 1 Shopping Cart 2026-04-16 N/A
Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) parent or (2) pg parameter.
CVE-2005-4876 1 Ignite Realtime 1 Openfire 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-4877.
CVE-2004-0693 2 Redhat, Trolltech 2 Enterprise Linux, Qt 2026-04-16 N/A
The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692.
CVE-2005-2844 1 Indiatimes Messenger 1 Indiatimes Messenger 2026-04-16 N/A
Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument to the RenameGroup function in the MMClient.MunduMessenger.1 ActiveX object.
CVE-2005-4877 1 Ignite Realtime 1 Openfire 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.3.0 Beta 2 allows remote attackers to inject arbitrary web script or HTML via Javascript events in the username parameter, a different vulnerability than CVE-2005-4876.
CVE-2006-0112 1 Enhanced Simple Php Gallery 1 Enhanced Simple Php Gallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
CVE-2006-0148 1 Netsarang 1 Xlpd 2026-04-16 N/A
NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address.
CVE-2006-0181 1 Cisco 1 Cs-mars 2026-04-16 N/A
Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command.
CVE-2004-0695 1 4d 1 Webstar 2026-04-16 N/A
Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 and earlier allows remote attackers to execute arbitrary code via a long FTP command.
CVE-2005-2845 1 Ariba 1 Ariba Spend Management Solutions 2026-04-16 N/A
Ariba Spend Management System sends the username and password to the server in plaintext in a POST request, which allows remote attackers to obtain sensitive information.
CVE-2005-4520 1 Mantis 1 Mantis 2026-04-16 N/A
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE.
CVE-2004-0701 1 Sun 1 Ray Server Software 2026-04-16 N/A
Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized access.
CVE-2004-0702 1 Mozilla 1 Bugzilla 2026-04-16 N/A
DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information.
CVE-2005-2846 1 Cmsmadesimple 1 Cms Made Simple 2026-04-16 N/A
PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.
CVE-2004-0703 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control.
CVE-2004-0704 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products.
CVE-2005-2847 1 Barracuda Networks 1 Barracuda Spam Firewall 2026-04-16 N/A
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
CVE-2004-0706 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files.
CVE-2004-0708 1 Moinmoin 1 Moinmoin 2026-04-16 N/A
MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges.