Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360766 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1862 | 1 Xmb Forum | 1 Xmb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php. | ||||
| CVE-2002-0118 | 1 Infopop | 1 Ultimate Bulletin Board | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag. | ||||
| CVE-2002-0127 | 1 Netgear | 1 Rp114 | 2026-04-16 | N/A |
| Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured to block traffic below port 1024, allows remote attackers to cause a denial of service (hang) via a port scan of the WAN port. | ||||
| CVE-2004-1881 | 1 Cactusoft | 1 Cactushop | 2026-04-16 | N/A |
| SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter. | ||||
| CVE-2004-1901 | 1 Gentoo | 2 Linux, Portage | 2026-04-16 | 5.5 Medium |
| Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. | ||||
| CVE-2002-0179 | 1 Xpilot | 1 Xpilot | 2026-04-16 | N/A |
| Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows remote attackers to execute arbitrary code. | ||||
| CVE-2003-0610 | 1 Mcafee | 1 Epolicy Orchestrator | 2026-04-16 | N/A |
| Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request. | ||||
| CVE-2003-0615 | 4 Cgi.pm, Debian, Openpkg and 1 more | 5 Cgi.pm, Debian Linux, Openpkg and 2 more | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter. | ||||
| CVE-2003-1418 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). | ||||
| CVE-2003-1496 | 1 Hp | 1 Tru64 | 2026-04-16 | N/A |
| Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840. | ||||
| CVE-2003-1498 | 1 Wrensoft | 1 Zoom Search Engine | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT Zoom Search Engine 2.0 Build 1018 and earlier allows remote attackers to inject arbitrary web script or HTML via the zoom_query parameter. | ||||
| CVE-2004-1928 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | N/A |
| The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL. | ||||
| CVE-2003-1500 | 1 Cpcommerce | 1 Cpcommerce | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter. | ||||
| CVE-2003-1501 | 1 Gast Arbeiter | 1 Gast Arbeiter | 2026-04-16 | N/A |
| Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter. | ||||
| CVE-2003-1503 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name. | ||||
| CVE-2003-1506 | 1 Daniel Barron | 1 Dansguardian | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix CensorNet 3.0 through 3.2 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the DENIEDURL parameter. | ||||
| CVE-2004-1948 | 1 Ncftp Software | 1 Ncftp | 2026-04-16 | N/A |
| NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list. | ||||
| CVE-2006-2830 | 1 Tibco | 3 Hawk, Rendezvous, Runtime Agent | 2026-04-16 | N/A |
| Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface. | ||||
| CVE-2006-2831 | 1 Drupal | 1 Drupal | 2026-04-16 | N/A |
| Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743. | ||||
| CVE-2006-2833 | 1 Drupal | 1 Drupal | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable. | ||||