Search Results (361778 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0103 1 Netsmart 1 Smartcart 2026-04-16 N/A
The SmartCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2004-2221 1 Mercantec 1 Softcart 2026-04-16 N/A
Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request.
CVE-2004-2224 1 Appfoundry 1 Message Foundry 2026-04-16 N/A
Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that contains MS-DOS device names such as com1.
CVE-2004-2225 1 Mozilla 1 Firefox 2026-04-16 N/A
Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button.
CVE-2004-1315 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
CVE-2004-2230 1 Openbsd 1 Openbsd 2026-04-16 N/A
Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket.
CVE-2005-1957 1 Adam Mmedici 1 File Upload Manager 2026-04-16 N/A
mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action.
CVE-2004-1318 1 Namazu 1 Namazu 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") character, which prevents the rest of the query from being properly sanitized.
CVE-2004-2232 1 Moodle 1 Moodle 2026-04-16 N/A
SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements.
CVE-2005-1960 1 C.j. Steele 1 Tattle 2026-04-16 N/A
The getemails function in C.J. Steele Tattle allows remote attackers to execute arbitrary commands via shell metacharacters in certain log entries, as demonstrated using shell metacharacters in an FTP username.
CVE-2000-0134 1 Adgrafix Corporation 1 Check It Out 2026-04-16 N/A
The Check It Out shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2004-2234 1 Moodle 1 Moodle 2026-04-16 N/A
Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators.
CVE-2004-2236 1 Moodle 1 Moodle 2026-04-16 N/A
Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting.
CVE-2004-2240 1 Phorum 1 Phorum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php.
CVE-2005-1961 1 Objectweb 1 Consortium C-jdbc 2026-04-16 N/A
Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 allows local users to bypass intended access restrictions and obtain the cache results from another user.
CVE-2004-2243 1 Phorum 1 Phorum 2026-04-16 N/A
Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous.
CVE-2004-0291 1 Yabb 1 Yabb 2026-04-16 N/A
SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter.
CVE-2004-2247 1 Goosequill 1 Audienceconnect 2026-04-16 N/A
Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors.
CVE-2005-1965 1 Glen Campbell 1 Siteframe 2026-04-16 N/A
PHP remote file inclusion vulnerability in siteframe.php for Broadpool Siteframe allows remote attackers to execute arbitrary code via a URL in the LOCAL_PATH parameter.
CVE-2004-2248 1 Goosequill 1 Remoteeditor 2026-04-16 N/A
Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to "oversize submissions."