Export limit exceeded: 349456 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 35123 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29913 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29913 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2305 | 1 Dg | 1 Remote Control Server | 2026-04-16 | N/A |
| DG Remote Control Server 1.6.2 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via a long message to TCP port 1071 or 1073, possibly due to a buffer overflow. | ||||
| CVE-2005-2317 | 1 Shorewall | 1 Shorewall | 2026-04-16 | N/A |
| Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0.17, when MACLIST_TTL is greater than 0 or MACLIST_DISPOSITION is set to ACCEPT, allows remote attackers with an accepted MAC address to bypass other firewall rules or policies. | ||||
| CVE-2004-1591 | 1 Micronet | 1 Sp916bm | 2026-04-16 | N/A |
| The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access. | ||||
| CVE-2004-1594 | 1 E-zone Media Inc. | 1 Fusetalk | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote attackers to execute arbitrary web script via an img src tag. | ||||
| CVE-2005-3431 | 1 Rockliffe | 1 Mailsite Express | 2026-04-16 | N/A |
| Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under composition. | ||||
| CVE-2002-1773 | 1 Mirabilis | 1 Icq For Macos X | 2026-04-16 | N/A |
| Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request. | ||||
| CVE-2004-1605 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2026-04-16 | N/A |
| SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator. | ||||
| CVE-2005-3432 | 1 Thomas Rybak | 1 Minigal 2 | 2026-04-16 | N/A |
| MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password protected images via a request to index.php with the list parameter set to * (wildcard) and the page parameter set to all. | ||||
| CVE-2002-0257 | 2 Apache, Usanet Creations | 2 Http Server, Makebid Auction Deluxe | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4. | ||||
| CVE-2004-1609 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2026-04-16 | N/A |
| SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access. | ||||
| CVE-2005-3443 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Unspecified vulnerability in the Spatial component in Oracle Database Server from 9i up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB17. | ||||
| CVE-2006-4292 | 1 Niels Provos | 1 Honeyd | 2026-04-16 | N/A |
| Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows remote attackers to cause a denial of service (application crash) via certain Address Resolution Protocol (ARP) packets. | ||||
| CVE-2005-3452 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Unspecified vulnerability in Web Cache in Oracle Application Server 1.0 up to 9.0.4.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS13. | ||||
| CVE-2006-4428 | 1 Jupiter Cms | 1 Jupiter Cms | 2026-04-16 | 9.8 Critical |
| PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement | ||||
| CVE-2005-3453 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Web Cache in Oracle Application Server 1.0 up to 10.1.2.0 has unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS12 and (2) AS14. | ||||
| CVE-2005-3844 | 1 Phpwordpress | 1 Php News And Article Manager | 2026-04-16 | N/A |
| SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action. | ||||
| CVE-2005-2381 | 1 Php Surveyor | 1 Php Surveyor | 2026-04-16 | N/A |
| PHP Surveyor 0.98 allows remote attackers to obtain sensitive information via a direct request to (1) question.php, (2) survey.php, or (3) group.php in the root directory, a direct request to (4) database.php, (5) sessioncontrol.php, (6) html.php, (7) sessioncontrol.php, an invalid (8) qid parameter to dumpquestion.php, or an invalid lid parameter to (9) labels.php or (10) dumplabel.php, which reveal the path in an error message. | ||||
| CVE-2005-3456 | 1 Oracle | 1 E-business Suite | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.9 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS04 in Application Object Library, and (2) APPS17, (3) APPS18, and (4) APPS21 in Workflow Cartridge. | ||||
| CVE-2004-1720 | 1 Merak | 1 Mail Server | 2026-04-16 | N/A |
| The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means. | ||||
| CVE-2005-3457 | 1 Oracle | 1 E-business Suite | 2026-04-16 | N/A |
| Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.10 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS08 in HRMS. | ||||