Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0114 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
CVE-2004-1221 1 Darryl Burgdorf 1 Weblibs 2026-04-16 N/A
Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows remote attackers to read arbitrary files via .. sequences in the TextFile parameter.
CVE-2004-1223 1 F-secure 1 Policy Manager 2026-04-16 N/A
The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without any parameters.
CVE-2005-0898 1 Magicscripts 1 E-store Kit-2 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in downloadform.php in E-Store Kit-2 PayPal Edition allows remote attackers to inject arbitrary web script or HTML via the txn_id parameter.
CVE-2004-1227 1 Sugarcrm 1 Sugar Sales 2026-04-16 N/A
Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.
CVE-2002-0342 1 Kde 1 K-mail 2026-04-16 N/A
Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long.
CVE-2006-3018 1 Php Group 1 Php 2026-04-16 N/A
Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption.
CVE-2004-1388 1 Berlios 1 Gps Daemon 2026-04-16 N/A
Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls.
CVE-2005-0941 2 Openoffice, Redhat 2 Openoffice, Enterprise Linux 2026-04-16 N/A
The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.
CVE-2004-1394 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.
CVE-2005-0765 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash).
CVE-2005-0945 1 Asp Press 1 Acs Blog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags.
CVE-2005-1672 1 Ubertec 1 Help Center Live 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the (1) find parameter to index.php, (2) name or (3) message field of a chat request, or (4) the message body when opening a trouble ticket.
CVE-2004-1401 1 Asp-rider 1 Asp-rider 2026-04-16 N/A
SQL injection vulnerability in verify.asp in Asp-rider allows remote attackers to execute arbitrary SQL statements and bypass authentication via the username parameter.
CVE-2005-0947 1 Coinsoft Technologies 1 Phpcoin 2026-04-16 N/A
Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the page parameter.
CVE-2005-0948 1 Iatek 1 Portalapp 2026-04-16 N/A
SQL injection vulnerability in ad_click.asp for PortalApp allows remote attackers to execute arbitrary SQL commands via the banner_id parameter.
CVE-2002-0011 2 Mozilla, Redhat 2 Bugzilla, Powertools 2026-04-16 N/A
Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login.
CVE-2002-0014 2 Redhat, University Of Washington 2 Linux, Pine 2026-04-16 N/A
URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&).
CVE-2005-2608 1 Safehtml 1 Safehtml 2026-04-16 N/A
SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML.
CVE-2005-3499 1 Frisk Software 1 F-prot Antivirus 2026-04-16 N/A
Frisk F-Prot Antivirus allows remote attackers to bypass protection via a ZIP file with a version header greater than 15, which prevents F-Prot from decompressing and analyzing the file.