Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0540 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain. | ||||
| CVE-2004-0550 | 2 Realnetworks, Redhat | 2 Realplayer, Rhel Extras | 2026-04-16 | N/A |
| Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." (period) characters. | ||||
| CVE-2004-0686 | 3 Redhat, Samba, Trustix | 3 Enterprise Linux, Samba, Secure Linux | 2026-04-16 | N/A |
| Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors. | ||||
| CVE-2004-0691 | 2 Redhat, Trolltech | 2 Enterprise Linux, Qt | 2026-04-16 | N/A |
| Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. | ||||
| CVE-2006-4893 | 1 Phpbb Xs | 1 Phpbb Xs | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780. | ||||
| CVE-2006-4895 | 1 Idevspot | 1 Nixieaffiliate | 2026-04-16 | N/A |
| IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php. | ||||
| CVE-2006-4899 | 1 Broadcom | 1 Etrust Security Command Center | 2026-04-16 | N/A |
| The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message. | ||||
| CVE-2004-0714 | 1 Cisco | 3 Ios, Ons 15454e Optical Transport Platform, Optical Networking Systems Software | 2026-04-16 | N/A |
| Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption). | ||||
| CVE-2006-4906 | 1 Marc Logemann | 1 More.groupware | 2026-04-16 | N/A |
| SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter. | ||||
| CVE-2004-0715 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges. | ||||
| CVE-2006-4911 | 1 Cisco | 1 Ips Sensor Software | 2026-04-16 | N/A |
| Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets". | ||||
| CVE-2006-4912 | 1 Php Docwriter | 1 Php Docwriter | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter. | ||||
| CVE-2004-0733 | 1 Ollydbg | 1 Ollydbg | 2026-04-16 | N/A |
| Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call. | ||||
| CVE-2006-4914 | 1 A.l-pifou | 1 A.l-pifou | 2026-04-16 | N/A |
| Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources. | ||||
| CVE-2006-4916 | 1 Asp Indir | 1 Tekman Portal | 2026-04-16 | N/A |
| SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter. | ||||
| CVE-2004-0746 | 5 Gentoo, Kde, Mandrakesoft and 2 more | 6 Linux, Kde, Konqueror and 3 more | 2026-04-16 | N/A |
| Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | ||||
| CVE-2006-4917 | 1 Pt News | 1 Pt News | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter. | ||||
| CVE-2006-4918 | 1 Simple Discussion Board | 1 Simple Discussion Board | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php. | ||||
| CVE-2006-4919 | 1 Siteatschool | 1 Siteatschool | 2026-04-16 | N/A |
| Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. | ||||
| CVE-2006-4920 | 1 Siteatschool | 1 Siteatschool | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php. | ||||