Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1960 1 C.j. Steele 1 Tattle 2026-04-16 N/A
The getemails function in C.J. Steele Tattle allows remote attackers to execute arbitrary commands via shell metacharacters in certain log entries, as demonstrated using shell metacharacters in an FTP username.
CVE-2000-0134 1 Adgrafix Corporation 1 Check It Out 2026-04-16 N/A
The Check It Out shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2004-2234 1 Moodle 1 Moodle 2026-04-16 N/A
Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators.
CVE-2004-2236 1 Moodle 1 Moodle 2026-04-16 N/A
Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting.
CVE-2004-2240 1 Phorum 1 Phorum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php.
CVE-2005-1961 1 Objectweb 1 Consortium C-jdbc 2026-04-16 N/A
Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 allows local users to bypass intended access restrictions and obtain the cache results from another user.
CVE-2004-2243 1 Phorum 1 Phorum 2026-04-16 N/A
Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous.
CVE-2004-0291 1 Yabb 1 Yabb 2026-04-16 N/A
SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter.
CVE-2004-2247 1 Goosequill 1 Audienceconnect 2026-04-16 N/A
Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors.
CVE-2004-2248 1 Goosequill 1 Remoteeditor 2026-04-16 N/A
Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to "oversize submissions."
CVE-2000-0152 1 Novell 1 Bordermanager 2026-04-16 N/A
Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000.
CVE-2004-0292 1 Karjasoft 1 Sami Http Server 2026-04-16 N/A
Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
CVE-2004-2255 1 Phpmyfaq 1 Phpmyfaq 2026-04-16 N/A
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.
CVE-2004-2256 1 Phpmyfaq 1 Phpmyfaq 2026-04-16 N/A
Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable.
CVE-2004-2258 1 Hummingbird 1 Exceed 2026-04-16 N/A
Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab.
CVE-2004-0293 1 Shopcartcgi 1 Shopcartcgi 2026-04-16 N/A
Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in a HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi.
CVE-2004-2265 1 Uudeview 1 Uudeview 2026-04-16 N/A
UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact.
CVE-2000-0161 1 Microsoft 1 Site Server 2026-04-16 N/A
Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands.
CVE-2004-2268 1 Pimentech 1 Pimengest2 2026-04-16 N/A
PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php.
CVE-2004-2273 1 Evan Sims 1 Effingerd 2026-04-16 N/A
efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error.