Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2584 | 1 Smartertools | 1 Smartermail | 2026-04-16 | N/A |
| frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). NOTE: it is not clear whether this issue poses a vulnerability. | ||||
| CVE-2005-2561 | 1 Myfaq | 1 Myfaq | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the Theme parameter to (1) affichagefaq.php3, (2) choixsoustheme.php3, (3) consultation.php3, (4) insfaq.php3, (5) inssoustheme.php3, (6) instheme.php3, (7) saisiefaqtotale.php3, (8) saisiesoustheme.php3, or (9) voirfaq.php3, the SousTheme parameter to (10) affichagefaq.php3, (11) consultation.php3, (12) insfaq.php3, (13) inssoustheme.php3, (14) saisiefaq.php3, (15) saisiefaqtotale.php3, or (16) voirfaq.php3, the Faq parameter to (17) saisiefaq.php3, (18) voirfaq.php3, or (19) inssolution.php3, or (20) question parameter to affichagefaq.php3. | ||||
| CVE-2005-2564 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2026-04-16 | N/A |
| Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file. | ||||
| CVE-2005-2565 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2026-04-16 | N/A |
| Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive information via (1) a 1 in the perm parameter to deletethread.php or a direct request to (2) ban.php, (3) addnews.php, (4) banned.php, (5) boardstats.php, (6) adminform.php, (7) /forms/admininfo.php, (8) /forms/announcements.php, (9) forms/banform.php, or (10) other pages in the /forms directory, which reveal the path in an error message. | ||||
| CVE-2000-1202 | 1 Ibm | 1 Http Server Ssl Module Common | 2026-04-16 | N/A |
| ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class. | ||||
| CVE-2004-2597 | 1 Id Software | 1 Quake Ii Server | 2026-04-16 | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address. | ||||
| CVE-2005-2567 | 1 Syscp Team | 1 Syscp | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter. | ||||
| CVE-2005-2575 | 1 Xmb Forum | 1 Xmb | 2026-04-16 | N/A |
| SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arbitrary SQL commands via certain values that are inserted into the $in variable. | ||||
| CVE-2004-2623 | 1 Matthew Skala | 1 Rippy The Aggregator | 2026-04-16 | N/A |
| Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter." | ||||
| CVE-2005-2587 | 1 Phptb | 1 Topic Boards | 2026-04-16 | N/A |
| SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards 2.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter. | ||||
| CVE-2004-2630 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | ||||
| CVE-2005-2590 | 1 Parlano | 1 Mindalign | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2005-2592 | 1 Parlano | 1 Mindalign | 2026-04-16 | N/A |
| Unknown vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to bypass authentication via unknown vectors. | ||||
| CVE-2005-2593 | 1 Parlano | 1 Mindalign | 2026-04-16 | N/A |
| Parlano MindAlign 5.0 and later versions uses weak encryption, with unknown impact and attack vectors. | ||||
| CVE-2004-2642 | 1 Nathaniel Bray | 1 Yeemp | 2026-04-16 | N/A |
| Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender. | ||||
| CVE-2005-2594 | 1 Apple | 1 Safari | 2026-04-16 | N/A |
| Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body. | ||||
| CVE-2005-0018 | 1 F2c Open Source Project | 1 F2c Translator | 2026-04-16 | N/A |
| The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2005-2603 | 1 My Image Gallery | 1 My Image Gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) currDir or (2) image parameters. | ||||
| CVE-2005-0022 | 2 Redhat, University Of Cambridge | 2 Enterprise Linux, Exim | 2026-04-16 | N/A |
| Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication. | ||||
| CVE-2005-0034 | 1 Isc | 1 Bind | 2026-04-16 | N/A |
| An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail. | ||||