Search Results (365026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2573 2 Mysql, Oracle 2 Mysql, Mysql 2026-04-16 N/A
The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.
CVE-2004-2214 1 Mbedthis 1 Appweb Http Server 2026-04-16 9.8 Critical
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters.
CVE-2005-2574 1 Xmb Forum 1 Xmb 2026-04-16 N/A
xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as _SERVER[REMOTE_ADDR].
CVE-2004-2220 1 F-secure 1 F-secure Anti-virus 2026-04-16 N/A
F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-protected files in a ZIP file, which allows remote attackers to bypass anti-virus protection.
CVE-2003-1562 1 Openbsd 1 Openssh 2026-04-16 N/A
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.
CVE-2005-2580 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php.
CVE-2004-2228 1 Mozilla 1 Firefox 2026-04-16 N/A
Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges.
CVE-2004-2233 1 Moodle 1 Moodle 2026-04-16 N/A
Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors.
CVE-2002-1918 1 Microsoft 1 Data Access Components 2026-04-16 N/A
Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
CVE-2004-2253 1 Netwin 1 Surgeldap 2026-04-16 N/A
Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command.
CVE-2005-2584 1 Mentor 1 Adslfr4ii 2026-04-16 N/A
The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access.
CVE-2002-0133 1 Avirt 3 Avirt Gateway, Avirt Gateway Suite, Avirt Soho 2026-04-16 N/A
Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy.
CVE-2002-1919 1 Virtual Programming 1 Vp-asp 2026-04-16 N/A
SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields.
CVE-2002-1929 1 Php Arena 1 Pafiledb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or (3) download actions.
CVE-2002-1945 1 Virtualzone 1 Smartmail Server 2026-04-16 N/A
Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote attackers to cause a denial of service (crash) via a long request to (1) TCP port 25 (SMTP) or (2) TCP port 110 (POP3).
CVE-2004-2261 1 E107 1 E107 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions.
CVE-2005-2585 1 Mentor 1 Adslfr4ii 2026-04-16 N/A
Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote attackers to cause a denial of service (active TCP connections state table consumption) via a large number of connections, such as a port scan.
CVE-2004-2262 1 E107 1 E107 2026-04-16 N/A
ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
CVE-2002-1952 1 Phprank 1 Phprank 2026-04-16 N/A
phpRank 1.8 does not properly check the return codes for MySQL operations when authenticating users, which could allow remote attackers to authenticate using a NULL password when database errors occur or if the database is unavailable.
CVE-2002-1957 1 Pen 1 Pen 2026-04-16 N/A
Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and 0.9.2 allows remote attackers to execute arbitrary commands via malformed log messages.