Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2657 1 Common-lisp-controller 1 Common-lisp-controller 2026-04-16 N/A
Unknown vulnerability in common-lisp-controller 4.18 and earlier allows local users to gain privileges by compiling arbitrary code in the cache directory, which is executed by another user if the user has not run Common Lisp before.
CVE-2005-3544 1 Xmb Forum 1 Xmb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2005-4036 1 Web4future 1 Keyword Frequency Counter 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 allows remote attackers to inject arbitrary web script or HTML via the "remote URL."
CVE-2005-2658 1 Softwolves Software 1 Turquoise Superstat 2026-04-16 N/A
Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 and earlier might allow remote NNTP servers to execute arbitrary code via a date with a long month.
CVE-2005-3545 1 Ibproarcade 1 Ibproarcade 2026-04-16 N/A
SQL injection vulnerability in index.php of the report module in ibProArcade 2.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
CVE-2005-1105 1 Sun 1 Javamail 2026-04-16 N/A
Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in the Content-Disposition header.
CVE-2005-4084 1 Phpbb Styles 1 Phpbb Extreme Styles 2026-04-16 N/A
xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier allows remote attackers to obtain the installation path of the application via an invalid viewbackup parameter.
CVE-2004-1496 1 Minihttpserver.net 1 Web Forums Server 2026-04-16 N/A
Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing (1) "..\" (dot dot backslash), (2) "../" (dot dot slash), (3) "/%2E%2E%5C" (encoded dot dot backslash), or (4) "%2E%2E%2F" (encoded dot dot slash).
CVE-2005-1107 1 Mcafee 1 Internet Security Suite 2026-04-16 N/A
McAfee Internet Security Suite 2005 uses insecure default ACLs for installed files, which allows local users to gain privileges or disable protection by modifying certain files.
CVE-2002-0421 1 Microsoft 1 Windows Nt 2026-04-16 N/A
IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.
CVE-2005-2750 1 Apple 1 Mac Os X Server 2026-04-16 N/A
Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed.
CVE-2004-1498 1 Webhost Automation 1 Helm Control Panel 2026-04-16 N/A
SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter.
CVE-2002-0425 1 Khaled Mardam-bey 1 Mirc 2026-04-16 N/A
mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message.
CVE-2004-1499 1 Webhost Automation 1 Helm Control Panel 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field.
CVE-2005-2751 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group.
CVE-2005-1352 1 Leif M. Wright 1 Ad.cgi 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the ad.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
CVE-2002-0426 1 Linksys 1 Befvp41 2026-04-16 N/A
VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys.
CVE-2005-2757 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs."
CVE-2005-0790 1 Phpadsnew 1 Phpadsnew 2026-04-16 N/A
phpAdsNew 2.0.4 allows remote attackers to obtain sensitive information via a direct request to (1) lib-xmlrpcs.inc.php, (2) maintenance-activation.php, (3) maintenance-cleantables.php, (4) maintenance-autotargeting.php, (5) maintenance-reports.php, (6) phpads.php, (7) remotehtmlview.php, (8) click.php, (9) adcontent.php, which reveal the path in a PHP error message.
CVE-2005-1357 1 Text.cgi 1 Text.cgi 2026-04-16 N/A
text.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.