Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0718 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
CVE-2004-1443 1 Horde 1 Imp 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.
CVE-2003-0898 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.
CVE-2004-1445 1 Nessus 1 Nessus 2026-04-16 N/A
A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges.
CVE-2004-1447 1 Jetbox 1 Jetbox One Cms 2026-04-16 N/A
Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information.
CVE-2006-1967 1 Kcscripts 2 Kcscripts Calendar, Portal Pack 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KCScripts Calendar, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter.
CVE-2004-1449 2 Firebirdsql, Mozilla 3 Firebird, Mozilla, Thunderbird 2026-04-16 N/A
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
CVE-2006-1968 1 Kcscripts 2 Kcscripts News Publisher, Portal Pack 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in KCScripts News Publisher, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter.
CVE-2006-1972 1 Wingnut 1 Easygallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut EasyGallery allows remote attackers to inject arbitrary web script or HTML via the ordner parameter.
CVE-2004-1456 1 Cvstrac 1 Cvstrac 2026-04-16 N/A
filediff in CVStrac allows remote attackers to execute arbitrary commands via shell metacharacters in rcsinfo.
CVE-2006-1973 1 Linksys 1 Rt31p2 2026-04-16 N/A
Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages.
CVE-2004-1460 1 Cisco 2 Secure Access Control Server, Secure Acs Solution Engine 2026-04-16 N/A
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password.
CVE-2006-1977 1 Flexbb 1 Flexbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) message parameters.
CVE-2006-3069 1 Iglooweb 1 Doublespeak 2026-04-16 N/A
PHP remote file inclusion vulnerability in DoubleSpeak 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the config[private] parameter in multiple files, as demonstrated by (1) index.php, (2) faq.php, and (3) hardware.php. NOTE: this issue has been disputed by multiple third-party researchers, who state that config[private] is initialized in an include file before being used
CVE-2005-1397 1 Php-calendar 1 Php-calendar 2026-04-16 N/A
SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2002-1373 2 Oracle, Redhat 3 Mysql, Enterprise Linux, Linux 2026-04-16 N/A
Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.
CVE-2004-0837 4 Debian, Mysql, Oracle and 1 more 5 Debian Linux, Mysql, Mysql and 2 more 2026-04-16 N/A
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.
CVE-2004-1465 1 Winzip 1 Winzip 2026-04-16 N/A
Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line.
CVE-2005-2105 1 Cisco 1 Ios 2026-04-16 N/A
Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username.
CVE-2005-4338 1 Blackboard 1 Academic Suite 2026-04-16 N/A
announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin".