Export limit exceeded: 362703 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362703 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362703 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2576 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files.
CVE-2004-2577 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts.
CVE-2006-4746 1 Comscripts 1 Web Server Creator 2026-04-16 N/A
PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.
CVE-2004-2587 1 Smartertools 1 Smartermail 2026-04-16 N/A
login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow.
CVE-2006-4747 1 Idevspot 1 Textads 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php.
CVE-2004-2593 1 Id Software 1 Quake Ii Server 2026-04-16 N/A
Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer.
CVE-2004-2594 1 Id Software 1 Quake Ii Server Windows 2026-04-16 N/A
Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg".
CVE-2004-2601 1 Ubertec 1 Help Center Live 2026-04-16 N/A
PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php.
CVE-2004-2602 1 Ubertec 1 Help Center Live 2026-04-16 N/A
PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the HCL_path parameter to pipe.php.
CVE-2006-4753 1 Comscripts 1 Phprog 2026-04-16 N/A
Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
CVE-2004-2620 1 Paul L Daniels 1 Ripmime 2026-04-16 N/A
The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "\r" and "\n" characters in headers, which leads to a buffer underflow.
CVE-2004-2627 1 Sun 1 J2me 2026-04-16 N/A
Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code.
CVE-2006-4758 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.
CVE-2004-2638 1 Oscommerce 1 Oscommerce 2026-04-16 N/A
The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.
CVE-2006-4760 1 Benjamin Pasero And Tobias Eichert 1 Rssowl 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.
CVE-2006-4761 1 Luke Hutteman 1 Sharpreader 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.
CVE-2004-2668 1 Interchange Development Group 1 Interchange 2026-04-16 N/A
SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-2672 1 Argosoft 1 Ftp Server 2026-04-16 N/A
Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors.
CVE-2006-4765 1 Netgear 1 Dg834gt 2026-04-16 N/A
NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window.
CVE-2006-4766 1 Stefan Ernst 1 Newsscript 2026-04-16 N/A
Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read arbitrary files via a .. (dot dot) in the ide parameter.