Search Results (363434 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2377 1 Alcatel 2 Omniswitch, Omniswitch 7800 2026-04-16 N/A
Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled.
CVE-2004-2386 2 Denis Sbragion, Peter Astrand 2 Sredird, Sercd 2026-04-16 N/A
Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function.
CVE-2006-0984 1 Ej3 1 Topo 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo 2.2.178 allows remote attackers to inject arbitrary web script or HTML via the gTopNombre parameter.
CVE-2004-2388 1 Ibm 1 Aix 2026-04-16 N/A
rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.
CVE-2004-2390 1 Jabberstudio 1 Jabber Gadu-gadu Transport 2026-04-16 N/A
The roster import functionality in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8, when using libgadu 1.0 and later, allows attackers to cause a denial of service via unknown vectors.
CVE-2006-0986 1 Wordpress 1 Wordpress 2026-04-16 N/A
WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and (7) edit-form-advanced.php, (8) admin-functions.php, (9) edit-link-form.php, (10) edit-page-form.php, (11) admin-footer.php, and (12) menu.php in the wp-admin directory; and possibly (13) list directory contents of the wp-includes directory. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110. Other vectors might be covered by CVE-2005-1688. NOTE: if the typical installation of WordPress does not list any site-specific files to wp-includes, then vector [13] is not an exposure.
CVE-2004-2392 2 Mandrakesoft, Redhat 3 Mandrake Linux, Mandrake Linux Corporate Server, Enterprise Linux 2026-04-16 N/A
libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs.
CVE-2004-2393 1 Sun 1 Jsse 2026-04-16 N/A
Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS.
CVE-2000-1122 1 Ibm 1 Aix 2026-04-16 N/A
Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.
CVE-2004-2398 1 Netenberg 1 Fantastico De Luxe 2026-04-16 N/A
Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
CVE-2004-2407 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality.
CVE-2004-2415 1 Davenport 1 Davenport 2026-04-16 N/A
Davenport before 0.9.10 allows attackers to cause a denial of service (resource consumption) via (1) a very large XML file or (2) entity expansion attacks.
CVE-2004-2416 1 Youngzsoft 1 Ccproxy 2026-04-16 N/A
Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request.
CVE-2004-2418 1 Whitsoft Development 1 Slimftpd 2026-04-16 N/A
Buffer overflow in SlimFTPd 3.15 and earlier allows local users to execute arbitrary code via a long command, such as (1) CWD, (2) STOR, (3) MKD, and (4) STAT.
CVE-2006-0987 1 Isc 1 Bind 2026-04-16 N/A
The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
CVE-2006-3087 1 Ezgallery 1 Ezgallery 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pUserID, (2) aid, (3) aname, (4) uid, and (5) m parameter in (a) common/galleries.asp; (6) aid, (7) aname, (8) uid, (9) m, (10) gp, and (11) g parameter in (b) common/pupload.asp; and (12) msg, (13) fn and (14) gp parameter in (c) common/upload.asp.
CVE-2004-2419 1 Keene 1 Digital Media Server 2026-04-16 N/A
Keene Digital Media Server 1.0.2 allows local users to obtain usernames and passwords by reading the dmscore.db file on the local system.
CVE-2006-3649 1 Microsoft 1 Visual Basic 2026-04-16 N/A
Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
CVE-2006-0988 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Nt 2026-04-16 N/A
The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
CVE-2004-2421 1 Hitachi 3 Jp1 P-1b41-9461, Jp1 P-1b41-9471, Jp1 P-1j41-9471 2026-04-16 N/A
Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights.