Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2044 4 Francisco Burzi, Oscommerce, Paul Laudanski and 1 more 4 Php-nuke, Osc2nuke, Betanc Php-nuke and 1 more 2026-04-16 N/A
PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string.
CVE-2004-2046 1 Apc 1 Powerchute 2026-04-16 N/A
Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors.
CVE-2004-2049 1 Esesix 7 Thintune Extreme, Thintune L, Thintune M and 4 more 2026-04-16 N/A
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access.
CVE-2002-0283 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data.
CVE-2004-2269 1 Matt Shelton 1 Pads 2026-04-16 N/A
Stack-based buffer overflow in pads.c in Passive Asset Detection System (Pads) might allow local users to execute arbitrary code via a long report file name argument. NOTE: since Pads is not normally installed setuid, this may not be a vulnerability.
CVE-2006-0946 1 Thomson 1 Speedtouch 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page.
CVE-2000-1085 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-2004-2280 1 Ibm 1 Lotus Notes 2026-04-16 N/A
Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN.
CVE-2004-2282 1 Daniel Barron 1 Dansguardian 2026-04-16 N/A
DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request.
CVE-2004-2287 1 Dsm 1 Light Web File Browser 2026-04-16 N/A
Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. (dot dot) in the wdir parameter.
CVE-2004-2293 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.
CVE-2004-2300 1 Ucd-snmp 1 Ucd-snmp 2026-04-16 N/A
Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there are any standard configurations in which snmpd is installed setuid or setgid. If not, then this issue should not be included in CVE.
CVE-2006-0948 1 Aol 1 Aol 2026-04-16 N/A
AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files.
CVE-2006-3076 1 Phpbluedragon 1 Phpbluedragon Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in software_upload/public_includes/pub_templates/vphptree/template.php in PhpBlueDragon CMS 2.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter.
CVE-2004-2306 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.
CVE-2004-2307 1 Microsoft 2 Internet Explorer, Windows Xp 2026-04-16 N/A
Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A.
CVE-2006-0956 1 Nufw 1 Nufw Firewall 2026-04-16 N/A
nuauth in NuFW before 1.0.21 does not properly handle blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server.
CVE-2006-3079 1 Sspwiz 1 Sspwiz Plus 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2004-2314 1 Novell 1 Ichain 2026-04-16 N/A
The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access.
CVE-2004-2319 1 Ibm 2 Informix Dynamic Server, Informix Extended Parallel Server 2026-04-16 N/A
IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.