Export limit exceeded: 347811 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347811 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3544 | 1 Xmb Forum | 1 Xmb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2005-3744 | 1 Phpcomasy | 1 Phpcomasy | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code suggests that there is no id parameter being handled directly by index.php. | ||||
| CVE-2005-3852 | 1 Onlinetechtools.com | 1 Owos Lite | 2026-04-16 | N/A |
| SQL injection vulnerability in search.asp in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | ||||
| CVE-2005-3906 | 1 Sun | 2 Jdk, Jre | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. NOTE: this is associated with the "second and third issues" identified in SUNALERT:102003. | ||||
| CVE-2005-3955 | 3 Blogbuddies, Jaws, Magpierss | 3 Blogbuddies, Jaws, Magpierss | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php. | ||||
| CVE-2000-0861 | 1 Gnu | 1 Mailman | 2026-04-16 | N/A |
| Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion. | ||||
| CVE-2004-0530 | 1 Slackware | 1 Slackware Linux | 2026-04-16 | N/A |
| The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a static library, includes /tmp in the search path, which allows local users to execute arbitrary code as the PHP user by inserting shared libraries into the appropriate path. | ||||
| CVE-2005-2853 | 1 Guppy | 1 Guppy | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pg parameter to printfaq.php, or the (2) Referer or (3) User-Agent HTTP headers, which are not properly handled by error.php. | ||||
| CVE-2000-0865 | 1 Tridia | 1 Doublevision | 2026-04-16 | N/A |
| Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows local users to gain root privileges via a long terminal type argument. | ||||
| CVE-2004-0534 | 1 Businessobjects | 2 Infoview, Webintelligence | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document. | ||||
| CVE-2005-2854 | 1 Thesitewizard.com | 1 Chfeedback.pl Feedback Form Perl Script | 2026-04-16 | N/A |
| CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedback Form Perl Script 2.0.1 allows remote attackers to use the script as a mail relay (spam proxy) via CRLF sequences in the (1) name or (2) email fields, which are injected into mail headers. | ||||
| CVE-2004-0527 | 1 Kde | 1 Konqueror | 2026-04-16 | N/A |
| KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. | ||||
| CVE-2000-0858 | 1 Microsoft | 2 Internet Information Server, Windows Nt | 2026-04-16 | N/A |
| Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability. | ||||
| CVE-2005-3540 | 1 Petris | 1 Petris | 2026-04-16 | N/A |
| Buffer overflow in petris before 1.0.1 allows remote attackers to execute arbitrary code via unspecified attack vectors. | ||||
| CVE-2005-2849 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2026-04-16 | N/A |
| Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump. | ||||
| CVE-2004-0526 | 1 Microsoft | 4 Ie, Internet Explorer, Outlook and 1 more | 2026-04-16 | N/A |
| Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. | ||||
| CVE-2000-0857 | 1 Sebastian Kienzl | 1 Muh | 2026-04-16 | N/A |
| The logging capability in muh 2.05d IRC server does not properly cleanse user-injected format strings, which allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed nickname. | ||||
| CVE-2000-0549 | 2 Cygnus, Mit | 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more | 2026-04-16 | N/A |
| Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request. | ||||
| CVE-2004-0367 | 2 Ethereal Group, Redhat | 3 Ethereal, Enterprise Linux, Linux | 2026-04-16 | N/A |
| Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector. | ||||
| CVE-2005-2753 | 1 Apple | 1 Quicktime | 2026-04-16 | N/A |
| Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string. | ||||