Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3765 1 Exponent 1 Exponent 2026-04-16 N/A
Exponent CMS 0.96.3 and later versions performs a chmod on uploaded files to give them execute permissions, which allows remote attackers to execute arbitrary code.
CVE-2005-3767 1 Exponent 1 Exponent 2026-04-16 N/A
Exponent CMS 0.96.3 and later versions does not properly restrict the types of uploaded files, which allows remote attackers to upload and execute PHP files.
CVE-2002-1289 1 Microsoft 1 Java Virtual Machine 2026-04-16 N/A
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters.
CVE-2004-2447 1 1st Class Internet Solutions 1 1st Class Mail Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.
CVE-2004-2493 1 Hitachi 2 Groupmax World Wide Web, Groupmax World Wide Web Desktop 2026-04-16 N/A
Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter.
CVE-2004-2500 1 Ilohamail 1 Ilohamail 2026-04-16 N/A
Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors.
CVE-2005-3521 1 E107 1 E107 2026-04-16 N/A
SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page.
CVE-2005-3846 1 Fscripts 1 Fantastic News 2026-04-16 N/A
SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2004-2501 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2026-04-16 N/A
Buffer overflow in the IMAP service of MailEnable Professional Edition 1.52 and Enterprise Edition 1.01 allows remote attackers to execute arbitrary code via (1) a long command string or (2) a long string to the MEIMAP service and then terminating the connection.
CVE-2002-1309 1 Macromedia 1 Coldfusion 2026-04-16 N/A
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name.
CVE-2002-2051 1 Modlogan 1 Modlogan 2026-04-16 N/A
The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a symlink attack on files specified as hostnames in a log file.
CVE-2005-3849 1 Pmwiki 1 Pmwiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2002-1313 1 Nullmailer 1 Nullmailer 2026-04-16 N/A
nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users.
CVE-2002-2061 2 Mozilla, Netscape 2 Mozilla, Navigator 2026-04-16 N/A
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
CVE-2005-2681 1 Cisco 1 Ips Sensor Software 2026-04-16 N/A
Unspecified vulnerability in the command line processing (CLI) logic in Cisco Intrusion Prevention System 5.0(1) and 5.0(2) allows local users with OPERATOR or VIEWER privileges to gain additional privileges via unknown vectors.
CVE-2005-3530 1 Antville 1 Antville 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote attackers to inject arbitrary web script or HTML via the notfound.skin error document.
CVE-2005-2683 1 Phpkit 1 Phpkit 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php.
CVE-2005-3851 1 Onlinetechtools.com 1 Oasys Lite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.asp in Online Attendance System (OASYS) Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via certain search parameters, possibly the keyword parameter.
CVE-2005-1566 1 Arcowave Systems 1 Wlan Ap \+ Adsl Router 2026-04-16 N/A
Acrowave AAP-3100AR wireless router allows remote attackers to bypass authentication by pressing CTRL-C at the username or password prompt in a telnet session, which causes the shell to crash and restart, then leave the user in the new shell.
CVE-2005-2693 2 Cvs, Redhat 2 Cvs, Enterprise Linux 2026-04-16 N/A
cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.