Search Results (363429 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1722 1 Merak 1 Mail Server 2026-04-16 N/A
SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter.
CVE-2004-1724 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.
CVE-2004-1730 1 Mantis 1 Mantis 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.
CVE-2006-0840 1 Mantis 1 Mantis 2026-04-16 N/A
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
CVE-2004-1735 1 Sympa 1 Sympa 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field.
CVE-2004-1739 1 Bird Chat 1 Internet Chat Server 2026-04-16 N/A
Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users.
CVE-2004-1740 1 Music Daemon 1 Music Daemon 2026-04-16 N/A
Music daemon (musicd) 0.0.3 and earlier allows remote attackers to read arbitrary files by calling LOAD with a full pathname, then calling SHOWLIST.
CVE-2004-1742 1 Web-app.org 1 Webapp 2026-04-16 N/A
Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter.
CVE-2006-3048 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVE-2004-1743 1 Efs Software 1 Efs Web Server 2026-04-16 N/A
Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder.
CVE-2004-1748 1 Sysinternals 1 Regmon 2026-04-16 N/A
NtRegmon before 6.12 allows local users to cause a denial of service (crash), while NtRegmon is running, via invalid pointers to hook functions such as ZwSetQueryValue.
CVE-2006-3049 1 Mole Group Ticket Booking Script 1 Mole Group Ticket Booking Script 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in Mole Group Ticket Booking Script allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) address1, (3) address2, (4) county, (5) postcode, (6) email, (7) phone, or (8) mobile parameters to booking2.php.
CVE-2004-1754 1 Symantec 2 Enterprise Firewall, Gateway Security 2026-04-16 N/A
The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records.
CVE-2004-1758 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.
CVE-2006-3051 1 Six Offene Systeme Gmbh 1 Sixcms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to inject arbitrary script code or HTML via the page parameter.
CVE-2004-1760 2 Cisco, Ibm 17 Call Manager, Conference Connection, Emergency Responder and 14 more 2026-04-16 N/A
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.
CVE-2004-1764 1 Hp 1 Hp-ux 2026-04-16 N/A
Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.
CVE-2004-1771 1 Open Group 1 Scalable Ogo 2026-04-16 N/A
Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass intended permissions and view private appointments of other users.
CVE-2000-0887 1 Isc 1 Bind 2026-04-16 N/A
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."
CVE-2004-1774 1 Oracle 2 Application Server, Oracle10g 2026-04-16 N/A
Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.