Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1955 1 Singapore 1 Singapore 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.11 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
CVE-2004-1291 1 Amir Malik 1 Qwik Smtpd 2026-04-16 N/A
Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a long HELO command, which overwrites the adjacent localIP data buffer.
CVE-2004-2195 1 Zanfi Solutions 1 Zanfi Cms Lite 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter.
CVE-2000-0063 1 Nortel 1 Contivity 2026-04-16 N/A
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script.
CVE-2004-0264 2 Jim Rees, Shaun2k2 2 Jim Rees Httpd, Palmhttpd 2026-04-16 N/A
palmhttpd for PalmOS allows remote attackers to cause a denial of service (crash) by establishing two simultaneous HTTP connections, which exceeds the PalmOS accept queue.
CVE-2004-1297 1 Zack Smith 1 Unrtf 2026-04-16 N/A
Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a crafted RTF file.
CVE-2004-2196 1 Zanfi Solutions 1 Zanfi Cms Lite 2026-04-16 N/A
Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others.
CVE-2000-0064 1 Nortel 1 Contivity 2026-04-16 N/A
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters.
CVE-2004-1298 1 Michael Kohn 1 Vb2c 2026-04-16 N/A
Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows remote attackers to execute arbitrary code via a crafted FRM file.
CVE-2004-2199 1 Duware 1 Duclassified 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text.
CVE-2004-1299 1 Vilistextum 1 Vilistextum 2026-04-16 N/A
Buffer overflow in the get_attr function in html.c for vilistextum 2.6.6 allows remote attackers to execute arbitrary code via a crafted web page.
CVE-2004-2201 1 Duware 1 Duforum 2026-04-16 N/A
SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form.
CVE-2004-2204 1 Macromedia 1 Coldfusion 2026-04-16 N/A
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
CVE-2004-0272 1 Maxwebportal 1 Maxwebportal 2026-04-16 N/A
SQL injection vulnerability in MaxWebPortal allows remote attackers to inject arbitrary SQL code and gain sensitive information via the SendTo parameter in Personal Messages.
CVE-2004-2205 1 Symantec Veritas 1 Cluster Server 2026-04-16 N/A
Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allows local users to gain root access via unspecified vectors.
CVE-2000-0078 1 Hp 1 Hp-ux 2026-04-16 N/A
The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.
CVE-2004-2206 1 Natterchat 1 Natterchat 2026-04-16 N/A
SQL injection vulnerability in NatterChat 1.12 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-2211 1 Alivesites 1 Alivesites Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to post.asp, (4) the forum_title parameter to forum.asp, or (5) the id parameter to post.asp.
CVE-2004-2216 1 Sun 2 Java System Application Server, Java System Web Server 2026-04-16 N/A
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.
CVE-2004-2217 1 Ychat 1 Ychat 2026-04-16 N/A
Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors.