Total
29944 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0660 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter. | ||||
| CVE-2004-0662 | 1 Powerportal | 1 Powerportal | 2026-04-16 | N/A |
| PowerPortal 1.x allows remote attackers to gain sensitive information via invalid or missing parameters in HTTP requests to (1) resize.php or (2) modules.php, which reveals the path in an error message. | ||||
| CVE-2005-4661 | 1 Campware.org | 1 Campsite | 2026-04-16 | N/A |
| The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password. | ||||
| CVE-2004-0707 | 1 Mozilla | 1 Bugzilla | 2026-04-16 | N/A |
| SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL. | ||||
| CVE-2004-2462 | 1 Cplay | 1 Cplay | 2026-04-16 | N/A |
| cplay 1.49 on Linux allows local users to overwrite arbitrary files via a symlink attack on the cplay_control temporary file. | ||||
| CVE-2004-2500 | 1 Ilohamail | 1 Ilohamail | 2026-04-16 | N/A |
| Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors. | ||||
| CVE-2005-4703 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto. | ||||
| CVE-2004-0775 | 1 Widcomm | 2 Bluetooth Communication Software, Btstackserver | 2026-04-16 | N/A |
| Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in products such as BTStackServer 1.3.2.7 and 1.4.2.10, Windows XP and Windows 98 with MSI Bluetooth Dongles, and HP IPAQ 5450 running WinCE 3.0, allows remote attackers to execute arbitrary code via certain service requests. | ||||
| CVE-2005-3378 | 1 Norman | 1 Norman Virus Control | 2026-04-16 | N/A |
| Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | ||||
| CVE-2004-0808 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2026-04-16 | N/A |
| The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided. | ||||
| CVE-2006-3685 | 1 Czaries Network | 1 Czarnews | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. NOTE: the news.php vector is already covered by CVE-2005-0859. | ||||
| CVE-2004-0871 | 1 Mozilla | 1 Mozilla | 2026-04-16 | N/A |
| Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | ||||
| CVE-2005-4719 | 1 Sysbotz | 1 Systems Panel | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php. | ||||
| CVE-2004-0873 | 1 Apple | 2 Ichat, Ichat Av | 2026-04-16 | N/A |
| Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program. | ||||
| CVE-2004-0869 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | ||||
| CVE-2005-3385 | 1 Techno Dreams | 1 Mailing List | 2026-04-16 | N/A |
| SQL injection vulnerability in Techno Dreams Mailing List script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | ||||
| CVE-2005-3388 | 2 Php, Redhat | 4 Php, Enterprise Linux, Rhel Stronghold and 1 more | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." | ||||
| CVE-2005-3396 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument. | ||||
| CVE-2004-0950 | 1 Danware Data | 1 Netop | 2026-04-16 | N/A |
| NetOp Host before 7.65 build 2004278 allows remote attackers to obtain sensitive hostname, username and local IP address information via (1) a NetOp HELO request, or (2) when responses are disabled, a "custom" HELO request. | ||||
| CVE-2005-3403 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php. | ||||