Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-1014 | 1 Michael Boehme | 1 Webdiscount E Shop Online Shop System | 2026-04-16 | N/A |
| eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter. | ||||
| CVE-2002-0652 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs(). | ||||
| CVE-2005-0873 | 1 Oracle | 1 10g Reports Server | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter. | ||||
| CVE-2005-0876 | 1 Dnsmasq | 1 Dnsmasq | 2026-04-16 | N/A |
| Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file. | ||||
| CVE-2005-0878 | 1 Mercuryboard | 1 Mercuryboard Message Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM (private message). | ||||
| CVE-2005-0880 | 1 Vortex Portal | 1 Vortex Portal | 2026-04-16 | N/A |
| content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message. | ||||
| CVE-2005-0885 | 1 Xmb Forum | 1 Xmb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Mood or (2) "Send To" fields. | ||||
| CVE-2005-0892 | 1 Smail | 1 Smail | 2026-04-16 | N/A |
| Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL FROM command and possibly other SMTP commands. | ||||
| CVE-2005-2011 | 1 Php Arena | 1 Pafaq | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action. | ||||
| CVE-2002-1570 | 1 Ucd-snmp | 1 Ucd-snmp | 2026-04-16 | N/A |
| Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earlier, and net-snmp, allows remote attackers to execute arbitrary code via multiple getnextrequest PDU messages with conflicting ifindex variables, which cause snmpnetstat to write variable data past the end of an array. | ||||
| CVE-2003-0239 | 1 Mirabilis | 1 Icq | 2026-04-16 | N/A |
| icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor. | ||||
| CVE-2003-0240 | 1 Axis | 9 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 6 more | 2026-04-16 | N/A |
| The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash). | ||||
| CVE-2003-0241 | 1 Frontrange | 1 Goldmine | 2026-04-16 | N/A |
| FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attackers to execute arbitrary code via a message that is rendered in IE using a less secure zone. | ||||
| CVE-2005-2430 | 1 Gforge | 1 Gforge | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id parameter to task.php, (4) id parameter to detail.php, (5) the text field on the search page, (6) group_id parameter to qrs.php, (7) form, (8) rows, (9) cols or (10) wrap parameter to notepad.php, or the login field on the login form. | ||||
| CVE-2005-2431 | 1 Gforge | 1 Gforge | 2026-04-16 | N/A |
| The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb). | ||||
| CVE-2006-2344 | 1 Ajax Softwares | 1 Alipager | 2026-04-16 | N/A |
| SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the ubild parameter. | ||||
| CVE-2005-2434 | 1 Linksys | 1 Wrt54g | 2026-04-16 | N/A |
| Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information. | ||||
| CVE-2005-2439 | 1 Usebb | 1 Usebb | 2026-04-16 | N/A |
| SQL injection vulnerability in UseBB 0.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search function. | ||||
| CVE-2005-2448 | 2 Ekg, Redhat | 2 Ekg, Enterprise Linux | 2026-04-16 | N/A |
| Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow remote attackers to cause a denial of service (invalid behavior in applications) on big-endian systems. | ||||
| CVE-2003-0249 | 1 Php | 1 Php | 2026-04-16 | N/A |
| PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report. | ||||