Search Results (366291 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2202 1 Duware 1 Duclassified 2026-04-16 N/A
Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form.
CVE-2005-0935 1 Esmi 1 Paypal Storefront 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php.
CVE-2005-1695 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php.
CVE-2005-0933 1 Coinsoft Technologies 1 Phpcoin 2026-04-16 N/A
Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter.
CVE-2005-0932 1 Coinsoft Technologies 1 Phpcoin 2026-04-16 N/A
Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier allow remote attackers to execute arbitrary SQL commands (1) via the search engine, (2) the username or email fields in the "forgotten password" feature, or (3) the domain name in a package order.
CVE-2004-2191 1 Turbotraffictrader 1 Turbotraffictrader Php 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) msg[0] or (2) siteurl parameters.
CVE-2004-2181 1 Wowbb 1 Wowbb Web Forum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65.
CVE-2003-1362 1 Hp 2 Bastille, Hp-ux 2026-04-16 N/A
Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases.
CVE-2002-2360 1 Webmin 1 Webmin 2026-04-16 N/A
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests.
CVE-2003-1364 1 Aprelium Technologies 1 Abyss Web Server 2026-04-16 N/A
Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields.
CVE-2003-1372 4 Linux, Microsoft, Myphpnuke and 1 more 4 Linux Kernel, All Windows, Myphpnuke and 1 more 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
CVE-2003-1382 1 Instantservers Inc. 1 Ismail 2026-04-16 N/A
Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields.
CVE-2004-2125 1 Iss 4 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 1 more 2026-04-16 N/A
Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value.
CVE-2004-2127 1 Leif M. Wright 1 Web Blog 2026-04-16 N/A
Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file variable.
CVE-2003-1399 1 Eject 1 Eject 2026-04-16 N/A
eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.
CVE-2003-1440 1 Burton Computer Corporation 1 Spamprobe 2026-04-16 N/A
SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions.
CVE-2003-1403 1 Dotbr 1 Botbr 2026-04-16 N/A
foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.
CVE-2003-1423 4 Linux, Microsoft, Petitforum and 1 more 4 Linux Kernel, All Windows, Petitforum and 1 more 2026-04-16 N/A
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.
CVE-2005-0927 1 Web-app.org 1 Webapp 2026-04-16 N/A
Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences.
CVE-2003-1426 1 Cpanel 1 Cpanel 2026-04-16 N/A
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.