Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1319 1 Horde 1 Imp 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2006-4632 1 Softbb 1 Softbb 2025-04-03 N/A
Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php.
CVE-2002-0201 1 Cyberstop 1 Cyberstop Web Server 2025-04-03 N/A
Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow.
CVE-2005-1343 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument.
CVE-2006-4643 1 Uni-vert 1 Phpleague 2025-04-03 N/A
SQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the id_joueur parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-0623 1 Qnx 1 Rtos 2025-04-03 N/A
QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable permissions, which allows local users to modify the file and execute arbitrary code at system startup.
CVE-2006-4978 1 Walter Beschmout 1 Phpquiz 2025-04-03 N/A
Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.
CVE-2005-0409 1 Citrusdb 1 Citrusdb 2025-04-03 N/A
CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities.
CVE-2004-0037 1 Opentext 1 Opentext Firstclass Desktop Client 2025-04-03 N/A
FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages.
CVE-2005-0414 1 Mercuryboard 1 Mercuryboard 2025-04-03 N/A
SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows remote attackers to execute arbitrary SQL commands via a reply post action for index.php with (1) the t parameter or (2) the qu parameter.
CVE-2004-1185 2 Gnu, Redhat 2 Enscript, Enterprise Linux 2025-04-03 N/A
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
CVE-2004-1186 2 Gnu, Redhat 2 Enscript, Enterprise Linux 2025-04-03 N/A
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).
CVE-2004-0040 1 Checkpoint 2 Firewall-1, Vpn-1 2025-04-03 N/A
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.
CVE-2004-1188 3 Mandrakesoft, Mplayer, Xine 4 Mandrake Linux, Mplayer, Xine and 1 more 2025-04-03 N/A
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.
CVE-2004-2479 2 National Science Foundation, Redhat 2 Squid Web Proxy Cache, Enterprise Linux 2025-04-03 N/A
Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.
CVE-2005-0943 1 Cisco 8 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client, Vpn 3005 Concentrator Software and 5 more 2025-04-03 N/A
Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet.
CVE-2004-0043 1 Yahoo 1 Messenger 2025-04-03 N/A
Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature.
CVE-2005-1985 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-03 N/A
The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
CVE-2004-1272 1 Bolthole 1 Filter 2025-04-03 N/A
Buffer overflow in the save_embedded_address function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message.
CVE-2004-2519 1 Geeos Team 1 Gattaca Server 2003 2025-04-03 N/A
Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service (CPU consumption) via directory specifiers in the LANGUAGE parameter to (1) index.tmpl and (2) web.tmpl, such as (a) slash "/", (b) backslash "\", (c) dot ".",, (d) dot dot "..", and (e) internal slash "lang//en".