Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0031 1 Phpgedview 1 Phpgedview 2026-04-16 N/A
PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php.
CVE-2004-0033 1 Phpgedview 1 Phpgedview 2026-04-16 N/A
admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command.
CVE-2005-0902 1 Nukebookmarks 1 Nukebookmarks 2026-04-16 N/A
SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2004-0039 1 Checkpoint 1 Firewall-1 2026-04-16 N/A
Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.
CVE-2003-0135 1 Redhat 1 Linux 2026-04-16 N/A
vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended.
CVE-2005-0905 1 Maxthon 1 Maxthon 2026-04-16 N/A
Maxthon 1.2.0 allows remote malicious web sites to obtain potentially sensitive data from the search bar via the m2_search_text property.
CVE-2005-2850 1 Whitsoft Development 1 Slimftpd 2026-04-16 N/A
SlimFTPd 3.17 allows remote attackers to cause a denial of service (crash) via certain (1) USER and (2) PASS commands, possibly due to a buffer overflow or off-by-one error.
CVE-2004-0040 1 Checkpoint 2 Firewall-1, Vpn-1 2026-04-16 N/A
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.
CVE-2004-0043 1 Yahoo 1 Messenger 2026-04-16 N/A
Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature.
CVE-2005-0907 1 Valdersoft 1 Shopping Cart 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php.
CVE-2004-0044 1 Cisco 1 Personal Assistant 2026-04-16 N/A
Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.
CVE-2005-0910 1 E-xoops 1 E-xoops 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in exoops allow remote attackers to inject arbitrary web script or HTML via (1) the sortdays parameter to viewforum.php or (2) the viewcat parameter to index.php.
CVE-2005-2220 1 Incredible Interactive 1 Dragonfly Commerce 2026-04-16 N/A
Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfly Commerce does not allow for editing prices nor does it allow for viewing information about clients stored in the database except by the store owner and authorized staff as appointed in the store administration." However, SecurityTracker claims that they have been able to confirm the problem
CVE-2004-0045 1 Isc 1 Inn 2026-04-16 N/A
Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.
CVE-2004-0046 1 Snapstream 1 Snapstream Pvs 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character.
CVE-2005-0912 1 Deplate 1 Deplate 2026-04-16 N/A
Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, possibly involving elements.rb.
CVE-2004-0050 1 Verity 1 Ultraseek 2026-04-16 N/A
Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others.
CVE-2005-0913 1 Smarty 1 Smarty 2026-04-16 N/A
Unknown vulnerability in the regex_replace modifier (modifier.regex_replace.php) in Smarty before 2.6.8 allows attackers to execute arbitrary PHP code.
CVE-2004-0051 3 Clearswift, F-secure, Paul L Daniels 3 Mailsweeper, Internet Gatekeeper, Ripmime 2026-04-16 N/A
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard but frequently supported Content-Transfer-Encoding values such as (1) uuencode, (2) mac-binhex40, and (3) yenc, which may be interpreted differently by mail clients.
CVE-2004-0052 3 Clearswift, F-secure, Paul L Daniels 3 Mailsweeper, Internet Gatekeeper, Ripmime 2026-04-16 N/A
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard separator characters, or use standard separators incorrectly, within MIME headers, fields, parameters, or values, which may be interpreted differently by mail clients.