Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0540 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
CVE-2004-0550 2 Realnetworks, Redhat 2 Realplayer, Rhel Extras 2026-04-16 N/A
Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." (period) characters.
CVE-2004-0686 3 Redhat, Samba, Trustix 3 Enterprise Linux, Samba, Secure Linux 2026-04-16 N/A
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.
CVE-2004-0691 2 Redhat, Trolltech 2 Enterprise Linux, Qt 2026-04-16 N/A
Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.
CVE-2006-4893 1 Phpbb Xs 1 Phpbb Xs 2026-04-16 N/A
PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780.
CVE-2006-4895 1 Idevspot 1 Nixieaffiliate 2026-04-16 N/A
IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php.
CVE-2006-4899 1 Broadcom 1 Etrust Security Command Center 2026-04-16 N/A
The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.
CVE-2004-0714 1 Cisco 3 Ios, Ons 15454e Optical Transport Platform, Optical Networking Systems Software 2026-04-16 N/A
Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption).
CVE-2006-4906 1 Marc Logemann 1 More.groupware 2026-04-16 N/A
SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter.
CVE-2004-0715 1 Bea 1 Weblogic Server 2026-04-16 N/A
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
CVE-2006-4911 1 Cisco 1 Ips Sensor Software 2026-04-16 N/A
Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets".
CVE-2006-4912 1 Php Docwriter 1 Php Docwriter 2026-04-16 N/A
PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter.
CVE-2004-0733 1 Ollydbg 1 Ollydbg 2026-04-16 N/A
Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call.
CVE-2006-4914 1 A.l-pifou 1 A.l-pifou 2026-04-16 N/A
Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources.
CVE-2006-4916 1 Asp Indir 1 Tekman Portal 2026-04-16 N/A
SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter.
CVE-2004-0746 5 Gentoo, Kde, Mandrakesoft and 2 more 6 Linux, Kde, Konqueror and 3 more 2026-04-16 N/A
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
CVE-2006-4917 1 Pt News 1 Pt News 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter.
CVE-2006-4918 1 Simple Discussion Board 1 Simple Discussion Board 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php.
CVE-2006-4919 1 Siteatschool 1 Siteatschool 2026-04-16 N/A
Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter.
CVE-2006-4920 1 Siteatschool 1 Siteatschool 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php.