Export limit exceeded: 29914 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29914 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0692 | 1 Php Fusion | 1 Php Fusion | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript. | ||||
| CVE-2004-1028 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod. | ||||
| CVE-2004-1030 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2026-04-16 | N/A |
| fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message. | ||||
| CVE-2004-2490 | 1 Ibm | 2 Informix Dynamic Server, Informix Extended Parallel Server | 2026-04-16 | N/A |
| Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable. | ||||
| CVE-2005-0149 | 2 Mozilla, Redhat | 3 Mozilla, Thunderbird, Enterprise Linux | 2026-04-16 | N/A |
| Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages. | ||||
| CVE-2004-1031 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2026-04-16 | N/A |
| fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ. | ||||
| CVE-2004-1032 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2026-04-16 | N/A |
| fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string. | ||||
| CVE-2004-1033 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2026-04-16 | N/A |
| Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable. | ||||
| CVE-2004-1034 | 3 Gentoo, Kaffeine, Xine | 3 Linux, Kaffeine Player, Gxine | 2026-04-16 | N/A |
| Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file. | ||||
| CVE-2004-1035 | 1 Imap Proxy | 1 Imap Proxy | 2026-04-16 | N/A |
| Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, (3) request.c, and (4) select.c for up-imapproxy IMAP proxy 1.2.2 allow remote attackers to cause a denial of service (server crash) and possibly leak sensitive information via certain literal values that are not properly handled when using the IMAP_Line_Read function. | ||||
| CVE-2004-2492 | 1 Hitachi | 1 Groupmax World Wide Web Desktop | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter. | ||||
| CVE-2005-0156 | 7 Ibm, Larry Wall, Redhat and 4 more | 9 Aix, Perl, Enterprise Linux and 6 more | 2026-04-16 | N/A |
| Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. | ||||
| CVE-2004-1036 | 3 Gentoo, Redhat, Squirrelmail | 3 Linux, Enterprise Linux, Squirrelmail | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML. | ||||
| CVE-2004-2493 | 1 Hitachi | 2 Groupmax World Wide Web, Groupmax World Wide Web Desktop | 2026-04-16 | N/A |
| Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter. | ||||
| CVE-2005-0160 | 1 E-merge | 1 Unace | 2026-04-16 | N/A |
| Multiple buffer overflows in unace 1.2b allow attackers to execute arbitrary code via (1) 2 overflows in ACE archives, (2) a long command line argument, or (3) certain "Ready for next volume" messages. | ||||
| CVE-2005-0484 | 1 Gproftpd | 1 Gproftpd | 2026-04-16 | N/A |
| Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log. | ||||
| CVE-2005-0693 | 1 Jowood Productions | 1 Chaser | 2026-04-16 | N/A |
| Buffer overflow in JoWood Chaser 1.50 and earlier allows remote attackers to cause a denial of service (client or server crash) and execute arbitrary code via a long nickname. | ||||
| CVE-2004-1037 | 2 Gentoo, Twiki | 2 Linux, Twiki | 2026-04-16 | N/A |
| The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string. | ||||
| CVE-2004-2494 | 1 Code-crafters | 1 Ability Mail Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web script or HTML via the erromsg parameter. | ||||
| CVE-2005-0161 | 1 E-merge | 1 Unace | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames. | ||||