Search Results (366625 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4380 2 Mysql, Redhat 2 Mysql, Enterprise Linux 2026-04-16 N/A
MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.
CVE-2005-4409 1 Mmbase 1 Mmbase 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
CVE-2005-4407 1 Tmc Visionpool 1 Mercury Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) content and (2) criteria parameters.
CVE-2005-4384 1 Citysoft 1 Community Enterprise 2026-04-16 N/A
CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm.
CVE-2006-0034 1 Microsoft 5 Distributed Transaction Coordinator, Windows 2000, Windows 2003 Server and 2 more 2026-04-16 N/A
Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
CVE-2005-4374 1 Allinta 1 Allinta 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to faq.asp and (2) searchQuery parameter to search.asp.
CVE-2005-1434 1 Hp 1 Openview Network Node Manager 2026-04-16 N/A
Multiple unknown vulnerabilities in OpenView Network Node Manager (OV NNM) 6.2, 6.4, 7.01, and 7.50 allow attackers to cause a denial of service or execute arbitrary code.
CVE-2005-4350 1 Sun 1 Wbem Services 2026-04-16 N/A
Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors.
CVE-2003-1400 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.
CVE-2005-4346 1 Anthony Boyd 1 Phpbb Blog 2026-04-16 N/A
Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was originally claimed to be SQL injection, but a cleansing step strips all non-digit characters and leaves an empty permalink argument, which leads to the syntax error.
CVE-2003-1392 2 Microsoft, Research Triangle Software 2 All Windows, Cryptobuddy 2026-04-16 N/A
CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data.
CVE-2003-1391 1 Research Triangle Software 1 Cryptobuddy 2026-04-16 N/A
RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase.
CVE-2005-4335 1 Courseforum 1 Projectforum 2026-04-16 N/A
ProjectForum 4.7.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted pageid parameter to admin/versions.html.
CVE-2003-1390 1 Research Triangle Software 1 Cryptobuddy 2026-04-16 N/A
RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase.
CVE-2005-4330 1 Ihtml Merchant 1 Ihtml Merchant Mall 2026-04-16 N/A
SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall allows remote attackers to execute arbitrary SQL commands via the (1) id, (2) store, and (3) step parameters.
CVE-2005-4322 1 Hitachi 3 Cosminexus Collaboration Portal, Groupmax Collaboration Portal, Groupmax Collaboration Web Client 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to inject arbitrary web script or HTML via the (1) Schedule and (2) Calendar components.
CVE-2003-1146 1 John Beatty 1 Easy Php Photo Album 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
CVE-2006-4370 1 Alt-n 1 Webadmin 2026-04-16 N/A
Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file.
CVE-2006-4368 1 Integramod 1 Integramod Portal 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2005-4300 1 Libremail 1 Libremail 2026-04-16 N/A
Format string vulnerability in the lire_pop function in pop.c in libremail 1.1.0 and earlier, with compiled with the debug option, allows remote attackers to execute arbitrary code via a crafted e-mail or POP server response.