Search Results (361680 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1795 1 Clam Anti-virus 1 Clamav 2026-04-16 N/A
The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked.
CVE-2004-1719 1 Merak 1 Mail Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.
CVE-2004-1722 1 Merak 1 Mail Server 2026-04-16 N/A
SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter.
CVE-2004-1726 1 John Bradley 1 Xv 2026-04-16 N/A
Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm.c in XV allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow.
CVE-2005-1797 1 Openssl 1 Openssl 2026-04-16 N/A
The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.
CVE-2004-1727 1 Working Resources Inc. 1 Badblue 2026-04-16 N/A
BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address.
CVE-1999-0942 1 Sco 1 Unixware 2026-04-16 N/A
UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes.
CVE-2004-1730 1 Mantis 1 Mantis 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.
CVE-2006-4021 1 Scatterchat 1 Scatterchat 2026-04-16 N/A
The cryptographic module in ScatterChat 1.0.x allows attackers to identify patterns in large numbers of messages by identifying collisions using a birthday attack on the custom padding mechanism for ECB mode encryption.
CVE-2004-1731 1 Mantis 1 Mantis 2026-04-16 N/A
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.
CVE-2005-1804 1 Net Portal Dynamic System 1 Net Portal Dynamic System 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) terme parameter in the glossaire module (glossaire.php) or (2) query parameter to links.php.
CVE-2004-1733 1 Mydms 1 Mydms 2026-04-16 N/A
Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL.
CVE-2004-1735 1 Sympa 1 Sympa 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field.
CVE-2004-1736 1 The Cacti Group 1 Cacti 2026-04-16 N/A
Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message.
CVE-2004-0136 1 Sgi 1 Irix 2026-04-16 N/A
The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system crash) via a "corrupted binary."
CVE-2004-1738 1 Jshop E-commerce 1 Jshop Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in page.php in JShop allows remote attackers to inject arbitrary web script or HTML via the xPage parameter.
CVE-2004-1739 1 Bird Chat 1 Internet Chat Server 2026-04-16 N/A
Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users.
CVE-2005-1811 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile.
CVE-2004-1740 1 Music Daemon 1 Music Daemon 2026-04-16 N/A
Music daemon (musicd) 0.0.3 and earlier allows remote attackers to read arbitrary files by calling LOAD with a full pathname, then calling SHOWLIST.
CVE-2004-0138 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to cause a denial of service (crash) via a crafted ELF file with an interpreter with an invalid arch (architecture), which triggers a BUG() when an invalid VMA is unmapped.