Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2603 | 1 Ubertec | 1 Help Center Live | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the Search module in UberTec Help Center Live (HCL) allows remote attackers to inject arbitrary web script or HTML via the find parameter to index.php. | ||||
| CVE-2004-2605 | 1 Astats | 1 Astats | 2025-04-03 | N/A |
| aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files. | ||||
| CVE-2004-2612 | 1 Bnc | 1 Bnc | 2025-04-03 | N/A |
| BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers to use the functionality intended for authorized users. | ||||
| CVE-2005-3884 | 1 Zainu | 1 Zainu | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in the search action in Zainu 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term and (2) start parameters to index.php. | ||||
| CVE-2004-2614 | 1 Xuebrothers | 1 Myweb | 2025-04-03 | N/A |
| Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request. | ||||
| CVE-2004-2615 | 1 Cutephp | 1 Cutenews | 2025-04-03 | N/A |
| The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact. | ||||
| CVE-2004-2630 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | ||||
| CVE-2004-2638 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | N/A |
| The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value. | ||||
| CVE-2005-3886 | 1 Cisco | 1 Security Agent | 2025-04-03 | N/A |
| Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software. | ||||
| CVE-2004-2639 | 1 Drew Withers | 1 Journalness | 2025-04-03 | N/A |
| Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors. | ||||
| CVE-2005-3889 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | N/A |
| Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code of 6 or 7, which triggers a large number of popup windows to the user and creates a large number of threads. | ||||
| CVE-2004-2648 | 1 Faronics | 1 Freezex | 2025-04-03 | N/A |
| FreezeX 1.00.100.0666 allows local users with administrator privileges to cause a denial of service (FreezeX application) by overwriting the db.fzx file. | ||||
| CVE-2005-3897 | 1 Apple | 1 Safari | 2025-04-03 | N/A |
| Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function. | ||||
| CVE-2004-2651 | 1 Michael Christen | 1 Yacy | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to inject arbitrary web script or HTML via the (1) urlmaskfilter parameter to index.html or the (2) page parameter to Wiki.html. | ||||
| CVE-2004-2654 | 1 Squid | 1 Squid | 2025-04-03 | N/A |
| The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5. | ||||
| CVE-2005-3912 | 2 Debian, Webmin | 2 Debian Linux, Webmin | 2025-04-03 | N/A |
| Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl. | ||||
| CVE-2004-2657 | 1 Mozilla | 1 Firefox | 2025-04-03 | N/A |
| Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision. | ||||
| CVE-2004-2660 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-03 | N/A |
| Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests. | ||||
| CVE-2005-3913 | 1 Vchs | 1 Vchs | 2025-04-03 | N/A |
| Unspecified vulnerability in the domain alias management in Virtual Hosting Control System (VHCS) 2.4.6.2, related to "creating and deleting forwards for domain aliases," allows users to hijack the forwardings of other users. | ||||
| CVE-2004-2666 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page. | ||||