Search Results (362544 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1422 1 Whm 1 Whm Autopilot 2026-04-16 N/A
WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sensitive information via phpinfo, which reveals php settings.
CVE-2006-3039 1 Cescripts 1 Realty Home Rent 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Home Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed."
CVE-2004-1424 1 Moodle 1 Moodle 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2006-0755 1 Dotproject 1 Dotproject 2026-04-16 5.6 Medium
Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product
CVE-2004-1431 1 Joe Lumbroso 1 Jacks Formmail.php 2026-04-16 N/A
FormMail.php 5.0, and possibly other versions, allows remote attackers to read arbitrary files via a full pathname in the ar_file (auto-reply) parameter.
CVE-2004-1434 1 Cisco 1 Optical Networking Systems Software 2026-04-16 N/A
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.1(0) to 4.1(2), 4.5(x), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed SNMP packets.
CVE-2004-1436 1 Cisco 1 Optical Networking Systems Software 2026-04-16 N/A
The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote attackers to gain unauthorized access by logging in with a password larger than 10 characters.
CVE-2004-1437 1 Pavuk 1 Pavuk 2026-04-16 N/A
Multiple buffer overflows in the digest authentication functionality in Pavuk 0.9.28-r2 and earlier allow remote attackers to execute arbitrary code.
CVE-2006-3615 1 Phorum 1 Phorum 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable.
CVE-2004-1439 1 Sapporoworks 1 Black Jumbodog 2026-04-16 N/A
Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR,(4) CWD, (5) XMKD, and (6) XRMD.
CVE-2002-0604 1 Snapgear 1 Snapgear Lite\+ Firewall 2026-04-16 N/A
Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cause a denial of service (crash) via a large number of packets with malformed IP options.
CVE-2004-1440 1 Putty 1 Putty 2026-04-16 N/A
Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication.
CVE-2004-1441 1 Board Power 1 Board Power 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2004-1442 1 Ibm 1 Net.data 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E."
CVE-2006-0759 1 Hivemail 1 Hivemail 2026-04-16 N/A
Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts; and allow remote authenticated users to execute arbitrary SQL commands via (11) the folderid parameter in index.php and (12) possibly other parameters in certain other scripts, because $_SERVER['PHP_SELF'] is improperly handled.
CVE-2004-1445 1 Nessus 1 Nessus 2026-04-16 N/A
A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges.
CVE-2004-1446 1 Juniper 1 Netscreen Screenos 2026-04-16 N/A
Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet.
CVE-2004-1452 1 Gentoo 1 Linux 2026-04-16 N/A
Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.
CVE-2006-0760 1 Lighttpd 1 Lighttpd 2026-04-16 N/A
LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names.
CVE-2004-1471 6 Cvs, Freebsd, Gentoo and 3 more 6 Cvs, Freebsd, Linux and 3 more 2026-04-16 N/A
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.