Export limit exceeded: 29910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29910 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2480 | 1 National Science Foundation | 1 Squid Web Proxy Cache | 2026-04-16 | N/A |
| Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer. | ||||
| CVE-2004-2240 | 1 Phorum | 1 Phorum | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php. | ||||
| CVE-2004-2265 | 1 Uudeview | 1 Uudeview | 2026-04-16 | N/A |
| UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact. | ||||
| CVE-2003-1510 | 1 Rit Research Labs | 1 Tinyweb | 2026-04-16 | N/A |
| TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory. | ||||
| CVE-2006-4218 | 1 Zen Cart | 1 Zen Cart | 2026-04-16 | N/A |
| Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allows remote attackers to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter parameter. | ||||
| CVE-2003-1173 | 1 Centrinity | 1 Centrinity Firstclass | 2026-04-16 | N/A |
| Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory. | ||||
| CVE-2006-2152 | 1 Phpbb Group | 1 Phpbb Advanced Guestbook | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. | ||||
| CVE-2004-2671 | 1 Endonesia | 1 Endonesia | 2026-04-16 | N/A |
| mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive information via certain direct requests, and certain requests with invalid parameter values, which reveal the path in various error messages, as demonstrated by the (1) mod and (2) cid parameters. | ||||
| CVE-2004-2513 | 1 Pmail | 1 Pegasus | 2026-04-16 | N/A |
| Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command. | ||||
| CVE-2002-0288 | 1 Bbshareware.com | 1 Phusion Webserver | 2026-04-16 | N/A |
| Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrary files via a ... (triple dot dot) in the HTTP request. | ||||
| CVE-2004-2267 | 1 Ansel | 1 Ansel | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via the album name. | ||||
| CVE-2002-1785 | 1 Zeus Technologies | 1 Zeus Web Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi. | ||||
| CVE-1999-0034 | 4 Bsdi, Larry Wall, Redhat and 1 more | 4 Bsd Os, Perl, Linux and 1 more | 2026-04-16 | N/A |
| Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. | ||||
| CVE-1999-0035 | 2 Gnu, Sgi | 2 Inet, Irix | 2026-04-16 | 5.4 Medium |
| Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. | ||||
| CVE-2006-4974 | 1 Ipswitch | 1 Ws Ftp Server | 2026-04-16 | N/A |
| Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. | ||||
| CVE-2004-0393 | 1 Rlpr | 1 Rlpr | 2026-04-16 | N/A |
| Format string vulnerability in the msg function for rlpr daemon (rlprd) 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function. | ||||
| CVE-1999-0668 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. | ||||
| CVE-2001-0983 | 1 Ultraedit | 1 Ultraedit-32 | 2026-04-16 | N/A |
| UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges. | ||||
| CVE-2004-0932 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2026-04-16 | N/A |
| McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | ||||
| CVE-2004-0939 | 1 Neoteris | 1 Instant Virtual Extranet | 2026-04-16 | N/A |
| changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and 4.x, with LDAP authentication or NT domain authentication enabled, does not limit the number of times a bad password can be entered, which allows remote attackers to guess passwords via a brute force attack. | ||||