Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2544 1 Comdev 1 Comdev Ecommerce 2026-04-16 N/A
PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter.
CVE-2005-3500 1 Clam Anti-virus 1 Clamav 2026-04-16 N/A
The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block.
CVE-2004-1981 1 Businessobjects 2 Crystal Enterprise, Crystal Reports 2026-04-16 N/A
The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder.
CVE-2002-1189 1 Cisco 1 Unity Server 2026-04-16 N/A
The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding.
CVE-2004-1994 1 E-zone Media Inc. 1 Fusetalk 2026-04-16 N/A
FuseTalk 4.0 allows remote attackers to ban other users via a direct request to banning.cfm.
CVE-2002-1193 1 Tkmail 1 Tkmail 2026-04-16 N/A
tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files.
CVE-2004-1999 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php.
CVE-2004-2008 1 Adam Webb 1 Nukejokes 2026-04-16 N/A
SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter.
CVE-2002-1867 1 Bizdesign 1 Imagefolio 2026-04-16 N/A
The default configuration of BizDesign ImageFolio 2.23 through 2.26 does not control access to (1) admin/setup.cgi, which allows remote attackers to create an administrative account, or (2) admin/nph-build.cgi, which allows remote attackers to cause a denial of service (CPU consumption).
CVE-2002-1198 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.
CVE-2004-2106 1 Novell 1 Netware 2026-04-16 N/A
Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/.
CVE-2005-0340 1 Apple 1 Afp Server 2026-04-16 N/A
Integer signedness error in Apple File Service (AFP Server) allows remote attackers to cause a denial of service (application crash) via a negative UAM string length in a FPLoginExt packet.
CVE-2004-1939 1 Rhinosoft 1 Zaep Antispam 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.
CVE-2005-4590 1 Spb 1 Kiosk Engine 2026-04-16 N/A
Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on allowed applications via (1) removable media containing a program that will execute because of the autorun setting and (2) applications that are able to invoke other applications, as demonstrated by a file: URL specifying a .exe file.
CVE-2005-0377 1 Sergey Kiselev 1 Sgallery 2026-04-16 N/A
SQL injection vulnerability in imageview.php for SGallery 1.01 allows remote attackers to execute arbitrary SQL commands via the (1) idalbum or (2) idimage parameters.
CVE-2005-0337 3 Redhat, Suse, Wietse Venema 4 Enterprise Linux, Enterprise Linux Desktop, Suse Linux and 1 more 2026-04-16 N/A
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
CVE-2005-0378 1 Horde 1 Horde 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
CVE-2006-1122 1 D2ksoft 1 D2kblog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2005-4776 1 Netbsd 1 Netbsd 2026-04-16 N/A
Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges.
CVE-2005-0380 1 Zeroboard 1 Zeroboard 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code.