Export limit exceeded: 351444 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351444 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351444 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351444 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0579 | 1 Freenx | 1 Freenx | 2026-04-16 | N/A |
| nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTHORITY environment variable is not set, which allows local users to access the X server without X authentication. | ||||
| CVE-2004-1377 | 2 Gnu, Turbolinux | 4 A2ps, Turbolinux Home, Turbolinux Server and 1 more | 2026-04-16 | N/A |
| The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2004-1382 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2026-04-16 | N/A |
| The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. | ||||
| CVE-2005-0245 | 2 Postgresql, Redhat | 2 Postgresql, Enterprise Linux | 2026-04-16 | N/A |
| Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247. | ||||
| CVE-2004-1388 | 1 Berlios | 1 Gps Daemon | 2026-04-16 | N/A |
| Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls. | ||||
| CVE-2005-0580 | 1 Krzysztof Dabrowski | 1 Cmd5checkpw | 2026-04-16 | N/A |
| cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file. | ||||
| CVE-2004-1391 | 1 Qnx | 2 Rtos, Rtp | 2026-04-16 | N/A |
| Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program. | ||||
| CVE-2005-0249 | 1 Symantec | 11 Antivirus Scan Engine, Brightmail Antispam, Client Security and 8 more | 2026-04-16 | N/A |
| Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header. | ||||
| CVE-2004-1392 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2026-04-16 | N/A |
| PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function. | ||||
| CVE-2005-0258 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter. | ||||
| CVE-2004-1393 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Unknown vulnerability in the tcsetattr function for Sun Solaris for SPARC 2.6, 7, and 8 allows local users to cause a denial of service (system hang). | ||||
| CVE-2005-0266 | 1 Sugarcrm | 1 Sugarcrm | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter. | ||||
| CVE-2004-1394 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges. | ||||
| CVE-2004-1395 | 1 Monolith Productions | 3 Contract Jack, No One Lives Forever 2, Tron | 2026-04-16 | N/A |
| The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) No one lives forever 2 1.3 and earlier, (3) Tron 2.0 1.042 and earlier, (4) F.E.A.R. (First Encounter Assault and Recon), and possibly other games, allows remote attackers to cause a denial of service (connection refused) via a UDP packet that causes recvfrom to generate a return code that causes the listening loop to exit, as demonstrated using zero byte packets or packets between 8193 and 12280 bytes, which result in conditions that are not "Operation would block." | ||||
| CVE-2004-1396 | 1 Nullsoft | 1 Winamp | 2026-04-16 | N/A |
| Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file. | ||||
| CVE-2005-0274 | 1 Photopost | 1 Photopost Php Pro | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or (4) ppuser parameters. | ||||
| CVE-2004-1397 | 1 Usemod | 1 Usemodwiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via an argument to wiki.pl. | ||||
| CVE-2004-2600 | 2 Hp, Intel | 22 Carrier Grade Server Cc2300, Carrier Grade Server Cc3300, Carrier Grade Server Cc3310 and 19 more | 2026-04-16 | N/A |
| The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled. | ||||
| CVE-2004-1398 | 1 Roxio | 1 Toast | 2026-04-16 | N/A |
| Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument. | ||||
| CVE-2004-1399 | 1 Opentools | 1 Attachment Mod | 2026-04-16 | N/A |
| Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a .. (dot dot) in the filename. | ||||