Search Results (362833 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1563 1 W-agora 1 W-agora 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php.
CVE-2006-3621 1 Dream4 1 Koobi Pro 2026-04-16 N/A
SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to execute arbitrary SQL commands via the toid parameter.
CVE-2004-1565 1 W-agora 1 W-agora 2026-04-16 N/A
list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter.
CVE-2006-0771 1 Even Balance 1 Punkbuster 2026-04-16 N/A
Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason.
CVE-2004-1570 1 Eaden Mckee 1 Bblog 2026-04-16 N/A
SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2004-1575 1 Apache 1 Xerces-c\+\+ 2026-04-16 N/A
The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.
CVE-2004-1580 1 Devellion 1 Cubecart 2026-04-16 N/A
SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2006-0775 1 Ridder Roeland 1 Birthsys 2026-04-16 N/A
Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php (date.php) was originally reported, but this appears to be in error.
CVE-2000-0796 1 Sgi 1 Irix 2026-04-16 N/A
Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option.
CVE-2004-1582 1 Blackboard Internet Newsboard System 1 Blackboard Internet Newsboard System 2026-04-16 N/A
PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows remote attackers to execute arbitrary PHP code by modifying the libpath parameter (incorrectly called "libpach") to reference a URL on a remote web server that contains _more.php, as demonstrated using checkdb.inc.php.
CVE-2004-1584 1 Wordpress 1 Wordpress 2026-04-16 N/A
CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.
CVE-2004-1587 1 Monolith Productions 4 Alien Versus Predator, Blood, No One Lives Forever and 1 more 2026-04-16 N/A
Buffer overflow in Monolith games including (1) Alien versus Predator 2 1.0.9.6 and earlier, (2) Blood 2 2.1 and earlier, (3) No one lives forever 1.004 and earlier and (4) Shogo 2.2 and earlier allows remote attackers to cause a denial of service (application crash) via a long secure Gamespy query.
CVE-2004-1590 1 Clientexec 1 Clientexec 2026-04-16 N/A
Clientexec allows remote attackers to gain sensitive information via an HTTP request to phpinfo.php, which calls the phpinfo function.
CVE-2006-0777 1 Teca Scripts 1 Guestex 2026-04-16 N/A
Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to execute arbitrary shell commands via the email parameter, possibly involving shell metacharacters.
CVE-2000-0805 1 Checkpoint 1 Firewall-1 2026-04-16 N/A
Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets."
CVE-2004-1593 1 Sct Corporation 1 Campus Pipeline 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter.
CVE-2004-1597 1 Rim 1 Blackberry 2026-04-16 N/A
RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote attackers to cause a denial of service (device reboot and possibly data corruption) via a calendar message with a long Location field, which triggers a watchdog while the message is being stored.
CVE-2006-0784 1 D-link 1 Dwl-g700ap 2026-04-16 N/A
D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments.
CVE-2004-1603 1 Cpanel 1 Cpanel 2026-04-16 5.5 Medium
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
CVE-2004-1608 2 Best Software, Saleslogix Corporation 2 Saleslogix, Saleslogix 2026-04-16 N/A
SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation.