Export limit exceeded: 351385 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351385 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351385 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0613 | 1 Fckeditor | 1 Fckeditor | 2026-04-16 | N/A |
| Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files. | ||||
| CVE-2005-0715 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box. | ||||
| CVE-2005-0750 | 5 Conectiva, Linux, Redhat and 2 more | 8 Linux, Linux Kernel, Enterprise Linux and 5 more | 2026-04-16 | N/A |
| The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value. | ||||
| CVE-2005-0758 | 3 Canonical, Gnu, Redhat | 3 Ubuntu Linux, Gzip, Enterprise Linux | 2026-04-16 | N/A |
| zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | ||||
| CVE-2004-1587 | 1 Monolith Productions | 4 Alien Versus Predator, Blood, No One Lives Forever and 1 more | 2026-04-16 | N/A |
| Buffer overflow in Monolith games including (1) Alien versus Predator 2 1.0.9.6 and earlier, (2) Blood 2 2.1 and earlier, (3) No one lives forever 1.004 and earlier and (4) Shogo 2.2 and earlier allows remote attackers to cause a denial of service (application crash) via a long secure Gamespy query. | ||||
| CVE-2004-1592 | 1 Ocportal | 1 Ocportal | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script. | ||||
| CVE-2004-2692 | 1 Kyberdigi Labs | 1 Php-exec-dir | 2026-04-16 | N/A |
| The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function. | ||||
| CVE-2004-1593 | 1 Sct Corporation | 1 Campus Pipeline | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter. | ||||
| CVE-2004-1634 | 1 Mozilla | 1 Bugzilla | 2026-04-16 | N/A |
| show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information. | ||||
| CVE-2004-2693 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/. | ||||
| CVE-2005-0352 | 1 Woodstone | 1 Servers Alive | 2026-04-16 | N/A |
| Servers Alive 4.1 and 5.0, when running as a service, does not drop SYSTEM privileges before loading local manual under the help menu, which allows local users to gain privileges. | ||||
| CVE-2005-0619 | 1 Bfriendly.com | 1 Einstein | 2026-04-16 | N/A |
| Einstein 1.0.1 stores sensitive information such as usernames and passwords in plaintext in the registry, which allows local users to gain privileges. | ||||
| CVE-2004-1636 | 1 Net Integration Technologies Inc. | 1 Wvtftp | 2026-04-16 | N/A |
| Heap-based buffer overflow in the WvTFTPServer::new_connection function in wvtftpserver.cc for WvTftp 0.9 allows remote attackers to execute arbitrary code via a long option string in a TFTP packet. | ||||
| CVE-2004-1637 | 1 Hawking Technology | 1 Har11a Dsl Router | 2026-04-16 | N/A |
| The Hawking Technologies HAR11A modem/router allows remote attackers to obtain sensitive information by connecting to port 254, which displays a management interface and information on established connections. | ||||
| CVE-2004-2694 | 1 Microsoft | 1 Outlook Express | 2026-04-16 | N/A |
| Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top". | ||||
| CVE-2004-1639 | 1 Mozilla | 3 Firefox, Gecko, Mozilla | 2026-04-16 | N/A |
| Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension. | ||||
| CVE-2004-1666 | 1 Cerulean Studios | 1 Trillian | 2026-04-16 | N/A |
| Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character. | ||||
| CVE-2004-2695 | 2 Jelsoft, Point-to-point Protocol Project | 2 Vbulletin, Point-to-point Protocol | 2026-04-16 | N/A |
| SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267. | ||||
| CVE-2004-1723 | 1 Php Fusion | 1 Php Fusion | 2026-04-16 | N/A |
| The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message. | ||||
| CVE-2004-2696 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. | ||||