Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4458 1 Metadot 1 Metadot Portal Server 2026-04-16 N/A
Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.
CVE-2004-1694 1 Symantec 2 On Command Ccm, On Icommand 2026-04-16 N/A
Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access.
CVE-2005-0821 1 Citrix 1 Metaframe Conferencing Manager 2026-04-16 N/A
Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse.
CVE-2005-4238 1 Mantis 1 Mantis 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
CVE-2004-1696 1 Emulive 1 Server4 2026-04-16 N/A
EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to cause a denial of service (application crash) via a sequence of carriage returns sent to TCP port 66.
CVE-2005-3808 1 Linux 1 Linux Kernel 2026-04-16 N/A
Integer overflow in the invalidate_inode_pages2_range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service (hang) via 64-bit mmap calls that are not properly handled on a 32-bit system.
CVE-2005-4239 1 Php Jackknife 1 Php Jackknife 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter.
CVE-2005-3116 1 Symantec Veritas 1 Netbackup 2026-04-16 N/A
Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet.
CVE-2005-3809 1 Linux 1 Linux Kernel 2026-04-16 N/A
The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via an update message without private protocol information, which triggers a null dereference.
CVE-2005-4240 1 Vcd-db 1 Vcd-db 2026-04-16 N/A
SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the by parameter.
CVE-2005-3118 1 William Stearns 1 Mason 2026-04-16 N/A
Mason before 1.0.0 does not install the init script after the user uses Mason to configure a firewall, which causes the system to run without a firewall after a reboot.
CVE-2005-3810 1 Linux 1 Linux Kernel 2026-04-16 N/A
ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via a message without ICMP ID (ICMP_ID) information, which leads to a null dereference.
CVE-2005-4242 1 Horde 1 Turba H3 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data.
CVE-2004-1697 1 Ca 1 Unicenter Management 2026-04-16 N/A
The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.
CVE-2004-1698 1 Leadmind 1 Popmessenger 2026-04-16 N/A
The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and earlier allows remote attackers to cause a denial of service (application crash) via invalid characters in a message, which causes several alert dialogs to be displayed and leads to a crash.
CVE-2005-4602 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment.
CVE-2002-2057 1 Teekai 1 Teekai Forum 2026-04-16 N/A
TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
CVE-2006-4676 1 Tibco 1 Rendezvous 2026-04-16 N/A
TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file.
CVE-2004-1749 1 Toplayer 1 Attack Mitigator 2026-04-16 N/A
Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when configured in a one-armed routing configuration, allows remote attackers to cause a denial of service (CPU consumption) via a large number of HTTP requests.
CVE-2005-2138 1 Comdev 1 Comdev Ecommerce 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review message.