Export limit exceeded: 364232 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364232 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2869 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
CVE-2005-2863 1 Open Webmail 1 Open Webmail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.
CVE-2004-0305 1 Webcortex 1 Webstores 2000 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in error.asp in WebCortex WebStores 2000 6.0 allows remote attackers to execute arbitrary script as other users and steal session IDs via the Message_id parameter.
CVE-2004-0303 1 Fools Workshop 1 Owls Workshop 2026-04-16 N/A
OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd.
CVE-2004-0301 1 Ecommerce Corporation Online 1 Store Kit 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter.
CVE-2005-2862 1 Road Runner 1 Adsl Road Runner Modem 2026-04-16 N/A
ADSL Road Runner modem in the Annex A family has a service running on port 224, which allows remote attackers to login to the modem with a blank password and gain unauthorized access.
CVE-2005-2856 1 Winace 1 Winace 2026-04-16 N/A
Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive.
CVE-2004-0294 1 Yabbforumsoftware 1 Yet Another Bulletin Board 2026-04-16 N/A
YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.
CVE-2005-2844 1 Indiatimes Messenger 1 Indiatimes Messenger 2026-04-16 N/A
Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument to the RenameGroup function in the MMClient.MunduMessenger.1 ActiveX object.
CVE-2004-0286 1 Robotftp 1 Robotftp Server 2026-04-16 N/A
Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long username.
CVE-2004-0284 1 Microsoft 3 Ie, Internet Explorer, Outlook 2026-04-16 N/A
Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
CVE-2005-2843 1 Helpdesk Software 1 Hesk 2026-04-16 N/A
Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php.
CVE-2005-2813 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php.
CVE-2004-0273 1 Realnetworks 3 Realone Desktop Manager, Realone Enterprise Desktop, Realone Player 2026-04-16 N/A
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
CVE-2005-2810 1 Urban 1 Urban 2026-04-16 N/A
Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc.
CVE-2004-0271 1 Maxwebportal 1 Maxwebportal 2026-04-16 N/A
Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.
CVE-2005-2809 1 Silc 1 Secure Internet Live Conferencing 2026-04-16 N/A
silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 and earlier allows local users to overwrite arbitrary files via a symlink attack on the silcd.[PID].stats temporary file.
CVE-2005-2803 1 Hiki 1 Hiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005-2336.
CVE-2004-0269 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.
CVE-2004-0267 1 Broadcom 1 Inoculateit 2026-04-16 N/A
The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust InoculateIT for Linux 6.0 allow local users to overwrite arbitrary files via a symlink attack on files in /tmp.