Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0897 1 Microsoft 2 Windows 2003 Server, Windows Xp 2026-04-16 N/A
The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
CVE-2004-0900 1 Microsoft 1 Windows Nt 2026-04-16 N/A
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."
CVE-2005-1867 1 Symantec 1 Brightmail Antispam 2026-04-16 N/A
Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges.
CVE-2005-1874 1 Evan Wagner 1 Dzip 2026-04-16 N/A
Directory traversal vulnerability in Dzip before 2.9 allows remote attackers to create arbitrary files via a filename containing a .. (dot dot) in a .dz archive.
CVE-2005-1875 1 Exhibit Engine 1 Exhibit Engine 2026-04-16 N/A
Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter.
CVE-2004-0915 2 Debian, Viewcvs 2 Debian Linux, Viewcvs 2026-04-16 N/A
Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information.
CVE-2005-3359 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The atm module in Linux kernel 2.6 before 2.6.14 allows local users to cause a denial of service (panic) via certain socket calls that produce inconsistent reference counts for loadable protocol modules.
CVE-2005-1888 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates.
CVE-2005-3731 1 Yassl 1 Yassl 2026-04-16 N/A
Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to "certificate chain processing."
CVE-2004-0949 5 Linux, Redhat, Suse and 2 more 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more 2026-04-16 N/A
The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.
CVE-2004-0965 1 Hp 1 Hp-ux 2026-04-16 N/A
stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs.
CVE-2005-1939 1 Ipswitch 1 Whatsup Small Business 2026-04-16 N/A
Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022).
CVE-2002-1688 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.
CVE-2005-1963 1 Cerberus 1 Cerberus Helpdesk 2026-04-16 N/A
Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message.
CVE-2005-3824 1 Vtiger 1 Vtiger Crm 2026-04-16 N/A
The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action.
CVE-2005-1967 1 Early Impact 1 Productcart Ecommerce 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4) idccr parameter to OptionFieldsEdit.asp.
CVE-2005-1970 1 Symantec 1 Pcanywhere 2026-04-16 N/A
Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature.
CVE-2005-3825 1 Comdev 1 Comdev Vote Caster 2026-04-16 N/A
SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action.
CVE-2000-0260 1 Microsoft 2 Frontpage, Visual Interdev 2026-04-16 N/A
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.
CVE-2005-1973 1 Sun 1 J2se 2026-04-16 N/A
Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges.