Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2316 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2026-04-16 N/A
Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1.
CVE-2004-2333 1 Bodington 1 Bodington 2026-04-16 N/A
Bodington 2.1.0 RC1 and earlier does not secure the file upload area, which allows remote attackers to read uploaded files.
CVE-2004-2513 1 Pmail 1 Pegasus 2026-04-16 N/A
Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command.
CVE-2004-2524 1 Whm Autopilot 1 Whm Autopilot 2026-04-16 N/A
clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form.
CVE-2004-2526 1 Ibm 1 Tivoli Directory Server 2026-04-16 N/A
Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter.
CVE-2005-3445 1 Oracle 2 Application Server, Database Server 2026-04-16 N/A
Multiple unspecified vulnerabilities in HTTP Server in Oracle Database Server 8i up to 10.1.0.4.2 and Application Server 1.0.2.2 up to 10.1.2.0 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB30 and AS03 or (2) DB31 and AS05.
CVE-2005-3448 1 Oracle 1 Application Server 2026-04-16 N/A
Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS01.
CVE-2005-3449 1 Oracle 1 Application Server 2026-04-16 N/A
Multiple unspecified vulnerabilities in Oracle Application Server 9.0 up to 10.1.2.0 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS02 in Containers for J2EE, (2) AS07 in Internet Directory, (3) AS09 in Report Server, and (4) AS11 in Web Cache.
CVE-2005-3480 1 Ringtail 1 Casebook 2026-04-16 N/A
login.asp in Ringtail CaseBook 6.1.0 displays different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.
CVE-2005-0099 1 Abuse 1 Abuse-sdl 2026-04-16 N/A
The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop privileges before creating certain files, which allows local users to create or overwrite arbitrary files.
CVE-2005-0118 1 Helvis 1 Helvis 2026-04-16 N/A
helvis 1.8h2_1 and earlier stores recovery files in world readable directories with world readable permissions, which allows local users to read the recovered files of other users.
CVE-2005-4513 1 Wandsoft 1 E-search 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keywords parameter.
CVE-2005-0130 1 Berlios 1 Konversation 2026-04-16 N/A
Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts.
CVE-2005-0131 1 Berlios 1 Konversation 2026-04-16 N/A
The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users.
CVE-2005-0133 1 Clam Anti-virus 1 Clamav 2026-04-16 N/A
ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers.
CVE-2005-0137 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a denial of service via a "missing Itanium syscall table entry."
CVE-2005-0973 1 Apple 1 Mac Os X 2026-04-16 N/A
Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 and earlier allows local users to cause a denial of service (memory exhaustion) via crafted arguments.
CVE-2006-0156 1 Foxrum 1 Foxrum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in (1) addpost1.php and (2) addtopic1.php.
CVE-2005-0286 1 Emotion 1 Mediapartner Web Server 2026-04-16 N/A
eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . (dot) or (2) + (plus sign) at the end, which returns the source code for that file.
CVE-2005-0287 1 Bottomline 1 Webseries Payment Application 2026-04-16 N/A
Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the network via a report template with modified ReportPath or ReportName values.