Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1825 | 1 Mambo | 1 Mambo Open Source | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters. | ||||
| CVE-1999-1377 | 1 Matt Wright | 1 Download.cgi | 2026-04-16 | N/A |
| Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. | ||||
| CVE-2001-1299 | 1 Zorbat | 1 Zorbstats | 2026-04-16 | N/A |
| Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | ||||
| CVE-2004-1827 | 2 Simple Machines, Yabb | 2 Simple Machines Smf, Yabb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags. | ||||
| CVE-2005-4457 | 1 Mailenable | 1 Mailenable Enterprise | 2026-04-16 | N/A |
| MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via several "..." (triple dot) sequences in a UID FETCH command. | ||||
| CVE-2005-4471 | 1 Avaya | 1 Modular Messaging Message Storage Server | 2026-04-16 | N/A |
| POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted packets. | ||||
| CVE-1999-1379 | 1 Dnstools Software | 1 Dnstools | 2026-04-16 | N/A |
| DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker. | ||||
| CVE-1999-1381 | 1 Dbadmin | 1 Dbadmin | 2026-04-16 | N/A |
| Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote attackers to execute arbitrary commands. | ||||
| CVE-2001-1300 | 1 Dynu Systems Inc. | 1 Dynu Ftp Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Dynu FTP server 1.05 and earlier allows remote attackers to read arbitrary files via a .. in the CD (CWD) command. | ||||
| CVE-2004-1832 | 1 Apple | 1 Mac Os X Server | 2026-04-16 | N/A |
| Buffer overflow in the GUI admin service in Mac OS X Server 10.3 allows remote attackers to cause a denial of service (crash and restart) via a large amount of data to TCP port 660. | ||||
| CVE-2005-2339 | 1 Msearch | 1 Unicode Msearch | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Unicode version of msearch (unicode-msearch) 1.51(U1)-beta1, 1.51(U1), and 1.52(U1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-1999-1385 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable. | ||||
| CVE-2004-1835 | 1 Invision Power Services | 1 Invision Gallery | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1) img, (2) cat, (3) sort_key, (4) order_key, (5) user, or (6) album parameters. | ||||
| CVE-2004-1837 | 1 Joel Palmius | 1 Mod Survey | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey fields or error messages for malformed query strings. | ||||
| CVE-2005-1436 | 1 Osticket | 1 Osticket | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket. | ||||
| CVE-2004-1839 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. | ||||
| CVE-2005-4663 | 1 Ocomon | 1 Ocomon | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2005-4671 | 1 Citypost | 1 Simple Php Upload | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2005-4672 | 1 Citypost | 1 Simple Image Editor | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3, (4) imgsrc, and (5) m4 parameter. | ||||
| CVE-2006-0769 | 1 Sun | 1 Solaris | 2026-04-16 | N/A |
| Unspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors. | ||||