Export limit exceeded: 361692 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (361692 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1543 1 Korweblog 1 Korweblog 2026-04-16 N/A
Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter.
CVE-2004-1544 1 Jspwiki 1 Jspwiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter.
CVE-2004-1546 1 Alt-n 1 Mdaemon 2026-04-16 N/A
Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server.
CVE-2006-2018 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4.
CVE-2004-1549 1 Onnuri Infotek 1 Activepost Standard 2026-04-16 N/A
The conference menu in ActivePost Standard 3.1 sends passwords of password-protected rooms in cleartext, which could allow remote attackers to gain sensitive information by sniffing the network connection.
CVE-2006-2019 1 Apple 1 Safari 2026-04-16 N/A
Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.
CVE-2004-1550 1 Motorola 1 Wr850g 2026-04-16 N/A
Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP request for ver.asp until an administrator logs on.
CVE-2005-1612 1 Openbb 1 Openbb 2026-04-16 N/A
SQL injection vulnerability in read.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to execute arbitrary SQL commands via the TID parameter.
CVE-2004-1551 1 Php Arena 1 Pafiledb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter.
CVE-2006-3071 1 Anton Belev 1 Mp3 Search Archive 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Archive 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter, as used by the "search box", and (2) res parameter.
CVE-2006-2007 1 Winny 1 Winny 2026-04-16 N/A
Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote attackers to execute arbitrary code via long strings to certain commands sent to the file transfer port.
CVE-2004-1540 1 Zyxel 2 Prestige, Zynos 2026-04-16 N/A
ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file.
CVE-2006-2006 1 Ivan Zahariev 1 Izarc 2026-04-16 N/A
Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2004-1533 1 Digital Mappings Systems 1 Pop3 Server 2026-04-16 N/A
Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allows remote attackers to cause a denial of service (service crash) via a long (1) username or (2) password.
CVE-2006-2004 1 Michael Romedahl 1 Ri Blog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the (1) username or (2) password fields.
CVE-2006-2001 1 Scry Gallery 1 Scry Gallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector.
CVE-2006-2000 1 Logmethods 1 Logmethods 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods 0.9 allows remote attackers to inject arbitrary web script or HTML via the kwd parameter.
CVE-2004-1518 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter.
CVE-2004-1517 1 Zonelabs 1 Imsecure 2026-04-16 N/A
Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers to bypass Active Link Filtering via an instant message containing a URL with hex encoded file extensions.
CVE-2006-1946 1 Visale 1 Visale 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi.