Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4497 1 Iwebnegar 1 Iwebnegar 2026-04-16 N/A
SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-4501 1 Ztml 1 Ezportal Ztml Cms 2026-04-16 N/A
SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) about, (2) album, (3) id, (4) use, (5) desc, (6) doc, (7) mname, (8) max, and possibly other parameters.
CVE-2004-2559 1 Andreas Gohr 1 Dokuwiki 2026-04-16 N/A
DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks.
CVE-2004-2555 1 Smartstuff 1 Foolproof Security 2026-04-16 N/A
Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recovery key.
CVE-2004-2557 1 Netgear 1 Wg602 2026-04-16 N/A
NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.
CVE-2006-4735 1 Kellan Elliott-mccrea 1 Magpierss 2026-04-16 N/A
Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages.
CVE-2006-4738 1 Jetbox 1 Jetbox Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path vector is already covered by CVE-2006-2270.
CVE-2004-2575 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message.
CVE-2004-2576 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files.
CVE-2004-2577 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts.
CVE-2006-4746 1 Comscripts 1 Web Server Creator 2026-04-16 N/A
PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.
CVE-2004-2587 1 Smartertools 1 Smartermail 2026-04-16 N/A
login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow.
CVE-2006-4747 1 Idevspot 1 Textads 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php.
CVE-2004-2593 1 Id Software 1 Quake Ii Server 2026-04-16 N/A
Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer.
CVE-2004-2594 1 Id Software 1 Quake Ii Server Windows 2026-04-16 N/A
Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg".
CVE-2004-2601 1 Ubertec 1 Help Center Live 2026-04-16 N/A
PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php.
CVE-2004-2602 1 Ubertec 1 Help Center Live 2026-04-16 N/A
PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the HCL_path parameter to pipe.php.
CVE-2006-4753 1 Comscripts 1 Phprog 2026-04-16 N/A
Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
CVE-2004-2620 1 Paul L Daniels 1 Ripmime 2026-04-16 N/A
The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "\r" and "\n" characters in headers, which leads to a buffer underflow.
CVE-2004-2627 1 Sun 1 J2me 2026-04-16 N/A
Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code.