Search Results (361754 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4228 1 Symantec Veritas 1 Netbackup Puredisk Remote Office Edition 2026-04-16 N/A
Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before MP1 20060816 allows remote attackers to bypass authentication and gain privileges via unknown attack vectors in the management interface.
CVE-2004-2241 1 Phorum 1 Phorum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendor's patch.
CVE-2005-0236 1 Omnigroup 1 Omniweb 2026-04-16 N/A
The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-2006-4230 1 Lizge 1 Lizge Web Portal 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters.
CVE-2006-4233 1 Globus 1 Globus Toolkit 2026-04-16 N/A
Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config.
CVE-2004-2242 1 Phorum 1 Phorum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter.
CVE-2004-2244 1 Oracle 2 Application Server, Oracle9i 2026-04-16 N/A
The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD.
CVE-2004-2245 1 Goollery 1 Goollery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic.php.
CVE-2005-3978 1 Scriptdevelopers.net 1 Netclassifieds 2026-04-16 N/A
Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition 1.0.1, Professional Edition 1.5.1, Standard Edition 1.9.6.3, and Free Edition 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter in (a) ViewCat.php and (b) gallery.php, and the (2) ItemNum parameter in (c) ViewItem.php.
CVE-2004-2249 1 Goosequill 1 Audienceconnect Secureeditor 2026-04-16 N/A
Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions.
CVE-2004-2250 1 Goosequill 1 Audienceconnect Remoteeditor 2026-04-16 N/A
Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions.
CVE-2004-2257 1 Phpmyfaq 1 Phpmyfaq 2026-04-16 5.3 Medium
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.
CVE-2004-2263 1 Playsms 1 Playsms 2026-04-16 N/A
SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie.
CVE-1999-1520 1 Microsoft 1 Site Server 2026-04-16 N/A
A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.
CVE-2004-2213 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2026-04-16 N/A
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request.
CVE-2004-2210 1 Express-web 1 Express-web Content Management System 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP request to login.asp, or (6) the email parameter to subscribe/default.asp.
CVE-2004-2208 1 Ideal Science 1 Idealbb 2026-04-16 N/A
CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to conduct HTTP response splitting attacks via unknown vectors.
CVE-2004-2207 1 Ideal Science 1 Idealbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2004-2202 1 Duware 1 Duclassified 2026-04-16 N/A
Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form.
CVE-2004-2197 1 Kdocker 1 Kdocker 2026-04-16 N/A
kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ownership of files, which could allow local users to execute arbitrary programs.