Export limit exceeded: 361816 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (361816 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0250 1 Photopost 1 Photopost Php Pro 2026-04-16 N/A
SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php.
CVE-2004-1222 1 Darryl Burgdorf 1 Weblibs 2026-04-16 N/A
weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the TextFile parameter.
CVE-2004-2143 1 Mambo 1 Mambo Portal 2026-04-16 N/A
SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option.
CVE-2004-2144 1 Baalsystems 1 Baal Smart Forms 2026-04-16 N/A
Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php.
CVE-2004-1223 1 F-secure 1 Policy Manager 2026-04-16 N/A
The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without any parameters.
CVE-2004-2146 1 Pd9 Software 1 Megabbs 2026-04-16 N/A
CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp.
CVE-2004-2147 1 Symantec 1 Norton Antivirus 2026-04-16 N/A
Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body.
CVE-2005-1944 1 Xmysqladmin 1 Xmysqladmin 2026-04-16 N/A
xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp.
CVE-2004-2151 1 Virtual Projects 1 Chatman 2026-04-16 N/A
Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via a very large data size.
CVE-2004-2153 1 Real Estate Management Software 1 Real Estate Management Software 2026-04-16 N/A
Multiple unknown vulnerabilities in Real Estate Management Software 1.0 have unknown impact and attack vectors.
CVE-2004-2158 1 S9y 1 Serendipity 2026-04-16 N/A
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
CVE-2004-2161 1 Tutos 1 Tutos 2026-04-16 N/A
SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows remote attackers to execute arbitrary SQL commands via the link_id parameter.
CVE-2004-1263 1 Changepassword 1 Changepassword 2026-04-16 N/A
changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious "make" program.
CVE-2004-2162 1 Tutos 1 Tutos 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the search field of the Address Module or (2) the t parameter to app_new.php.
CVE-2005-1946 1 Invision Power Services 1 Invision Community Blog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action.
CVE-2004-2164 1 Virtual Programming 1 Vp-asp 2026-04-16 N/A
shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote attackers to cause a denial of service (connection consumption).
CVE-2004-2165 1 Impressions Games 1 Lords Of The Realm Iii 2026-04-16 N/A
Lords of the Realm III 1.01 and earlier, when in the lobby stage, allows remote attackers to cause a denial of service (crash from unallocated memory write) via a long user nickname.
CVE-2000-0006 2 Linux, Paul Kranenburg 2 Linux Kernel, Strace 2026-04-16 N/A
strace allows local users to read arbitrary files via memory mapped file names.
CVE-2004-0256 1 Gnu 1 Libtool 2026-04-16 N/A
GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.
CVE-2004-1282 1 Linpopup 1 Linpopup 2026-04-16 N/A
Buffer overflow in the strexpand function in string.c for LinPopUp 1.2.0 allows remote attackers to execute arbitrary code via a crafted message that is not properly handled during a Reply operation.