Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4361 1 Magnolia 1 Content Management Suite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.html in Magnolia Content Management Suite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2002-0464 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp.
CVE-2005-2763 1 Openttd 1 Openttd 2026-04-16 N/A
Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVE-2005-4362 1 Komodo 1 Komodo Cms 2026-04-16 N/A
SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2005-1128 1 Virtual Hosting Control System 1 Virtual Hosting Control System 2026-04-16 N/A
Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries.
CVE-2005-4363 1 Komodo 1 Komodo Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the search engine in Komodo CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
CVE-2005-2765 1 Microsoft 2 Windows 2003 Server, Windows Xp 2026-04-16 N/A
The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the Windows Firewall interface to monitor exceptions. NOTE: the vendor disputes this issue, saying that since administrative privileges are already required, it is not a vulnerability. CVE has not yet formally decided if such "information hiding" issues should be included.
CVE-2005-0795 1 Hola 1 Holacms 2026-04-16 N/A
HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter.
CVE-2002-0508 1 Wwwisis 1 Wwwisis 2026-04-16 N/A
wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via the parameters (1) prolog or (2) epilog.
CVE-2002-0592 1 Aol 1 Instant Messenger 2026-04-16 N/A
AOL Instant Messenger (AIM) allows remote attackers to steal files that are being transferred to other clients by connecting to port 4443 (Direct Connection) or port 5190 (file transfer) before the intended user.
CVE-2002-0593 3 Mozilla, Netscape, Redhat 5 Mozilla, Communicator, Navigator and 2 more 2026-04-16 N/A
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
CVE-2002-0513 1 Symatec 1 Popper Mod 2026-04-16 N/A
The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
CVE-2005-1368 1 Linux 1 Linux Kernel 2026-04-16 N/A
The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow attackers to cause a denial of service (oops) via SMP.
CVE-2005-2774 1 Lithium Software 1 Lithium Ii Mod 2026-04-16 N/A
Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the nickname.
CVE-2005-2775 1 Phpwebnotes 1 Phpwebnotes 2026-04-16 N/A
php_api.php in phpWebNotes 2.0.0 uses the extract function to modify key variables such as $t_path_core, which leads to a PHP file inclusion vulnerability that allows remote attackers to execute arbitrary PHP code via the t_path_core parameter.
CVE-2002-0673 1 Pingtel 1 Xpressa 2026-04-16 N/A
The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions.
CVE-2005-1406 1 Freebsd 1 Freebsd 2026-04-16 N/A
The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory.
CVE-2005-2794 2 Redhat, Squid 2 Enterprise Linux, Squid 2026-04-16 N/A
store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.
CVE-2005-0802 1 Asp Press 1 Acs Blog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter.
CVE-2002-0699 1 Microsoft 6 Windows 2000, Windows 98, Windows 98se and 3 more 2026-04-16 N/A
Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.