Export limit exceeded: 361692 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (361692 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2524 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2026-04-16 N/A
Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
CVE-2004-1705 1 Citadel 1 Ux 2026-04-16 N/A
Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username.
CVE-2004-1707 1 Oracle 5 Application Server, Application Server Portal, Database Server Lite and 2 more 2026-04-16 N/A
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
CVE-2005-1782 1 W.m.r. Simpson 1 Bookreview 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) add_review.htm, (2) suggest_review.htm, (3) suggest_category.htm, (4) add_booklist.htm, or (5) add_url.htm, the isbn parameter to (6) add_review.htm, (7) add_contents.htm, (8) add_classification.htm, the (9) chapters parameter to the add_contents page in index.php (aka add_contents.htm), (10) the user parameter to contact.htm, or (11) the submit[string] parameter to search.htm. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE.
CVE-2004-1709 1 Datakey 1 Rainbow Ikey2032 Usb Token 2026-04-16 N/A
Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users.
CVE-2004-1711 1 Moodle 1 Moodle 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.
CVE-1999-0925 1 Messagemedia 1 Unitymail 2026-04-16 N/A
UnityMail allows remote attackers to conduct a denial of service via a large number of MIME headers.
CVE-2004-1712 1 Typepad 1 Typepad 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter.
CVE-2005-1784 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp.
CVE-2004-1713 1 Hp 2 Process Resource Manager, Workload Manager 2026-04-16 N/A
Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01] and earlier, as used by HP-UX Workload Manager (WLM), allows local users to corrupt data files.
CVE-2004-1714 1 Iss 2 Blackice Pc Protection, Blackice Server Protection 2026-04-16 7.1 High
BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.
CVE-2005-1785 1 Zongg 1 Zongg 2026-04-16 N/A
SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2004-1716 1 Powie 1 Pforum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile.
CVE-2005-1786 1 Funkyasp 1 Funkyasp Ad System 2026-04-16 N/A
SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password parameter.
CVE-2005-2526 2 Apple, Easy Software Products 2 Mac Os X, Cups 2026-04-16 N/A
CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.
CVE-2005-1795 1 Clam Anti-virus 1 Clamav 2026-04-16 N/A
The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked.
CVE-2004-1719 1 Merak 1 Mail Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.
CVE-2004-1722 1 Merak 1 Mail Server 2026-04-16 N/A
SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter.
CVE-2004-1726 1 John Bradley 1 Xv 2026-04-16 N/A
Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm.c in XV allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow.
CVE-2005-1797 1 Openssl 1 Openssl 2026-04-16 N/A
The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.