Export limit exceeded: 361759 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 361759 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (361759 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1905 1 Kaspersky Lab 2 Kaspersky Anti-virus, Kaspersky Anti-virus Personal 2026-04-16 N/A
The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and 5.0.335 on Windows 2000 allows local users to gain privileges by modifying certain critical code addresses that are later accessed by privileged programs.
CVE-2004-1930 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie.
CVE-2005-1913 1 Linux 1 Linux Kernel 2026-04-16 N/A
The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a denial of service (kernel panic) via a non group-leader thread executing a different program than was pending in itimer, which causes the signal to be delivered to the old group-leader task, which does not exist.
CVE-2005-2549 2 Gnome, Redhat 2 Evolution, Enterprise Linux 2026-04-16 N/A
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.
CVE-2004-1933 1 Citadel 1 Ux 2026-04-16 N/A
Citadel/UX 5.00 through 6.14 installs the database directory and files with world-read permissions, which could allow local users to bypass access controls and read unauthorized messages.
CVE-2004-1934 1 Isesam 1 Gemitel 2026-04-16 N/A
PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter.
CVE-1999-1222 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup.
CVE-2004-1935 1 Sct Corporation 1 Campus Pipeline 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attachment.
CVE-2004-1936 1 Zonelabs 1 Zonealarm 2026-04-16 N/A
ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote attackers to bypass e-mail protection via attachments whose names contain certain non-English characters.
CVE-2005-1918 2 Gnu, Redhat 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more 2026-04-16 N/A
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
CVE-2004-0219 1 Openbsd 1 Openbsd 2026-04-16 N/A
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.
CVE-2004-1942 1 Sun 1 Patch Manager 2026-04-16 N/A
The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname.
CVE-2004-1943 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.
CVE-2004-1945 1 Kinesphere Corporation 1 Exchange Pop3 2026-04-16 N/A
Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to execute arbitrary code via a long MAIL FROM field.
CVE-2005-1921 6 Debian, Drupal, Gggeek and 3 more 6 Debian Linux, Drupal, Phpxmlrpc and 3 more 2026-04-16 N/A
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVE-2004-1946 1 Cherokee 1 Cherokee Httpd 2026-04-16 N/A
Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if Cherokee is running at escalated privileges. Therefore it might not be a vulnerability.
CVE-2004-1947 1 Softwin 1 Bitdefender 2026-04-16 N/A
The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab.
CVE-2004-1950 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses.
CVE-2004-1951 1 Xine 3 Xine, Xine-lib, Xine-ui 2026-04-16 N/A
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
CVE-2004-1953 1 Phprofession 1 Phprofession 2026-04-16 N/A
phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message.