Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0673 1 Simm-comm 1 Sci Photo Chat 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting error message.
CVE-2005-3441 1 Oracle 1 Database Server 2026-04-16 N/A
Unspecified vulnerability in Intelligent Agent in Oracle Database Server 9i up to 9.0.1.5 has unknown impact and attack vectors, aka Oracle Vuln# DB14.
CVE-2004-0684 1 Ibm 2 Websphere Caching Proxy Server, Websphere Edge Server Caching Proxy 2026-04-16 N/A
WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters.
CVE-2005-3442 1 Oracle 1 Database Server 2026-04-16 N/A
Multiple unspecified vulnerabilities in Oracle Database Server 8i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB09 in Export, (2) DB11 in Materialized Views, and (3) DB16 in Security Service.
CVE-2005-4072 1 Cfmagic 1 Magic Forum Personal 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in search_forums.cfm, as used in the "Search For:" field.
CVE-2005-3443 1 Oracle 1 Database Server 2026-04-16 N/A
Unspecified vulnerability in the Spatial component in Oracle Database Server from 9i up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB17.
CVE-2005-3444 1 Oracle 1 Database Server 2026-04-16 N/A
Multiple unspecified vulnerabilities in the Programmatic Interface in Oracle Database Server from 8i up to 9.2.0.5 have unknown impact and attack vectors, aka Oracle Vuln# DB26.
CVE-2005-4772 1 Suse 5 Suse Linux, Suse Linux Openexchange Server, Suse Linux School Server and 2 more 2026-04-16 N/A
liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.
CVE-2004-1176 6 Debian, Gentoo, Midnight Commander and 3 more 8 Debian Linux, Linux, Midnight Commander and 5 more 2026-04-16 N/A
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2004-1181 1 Toshiaki Kanosue 1 Htmlheadline 2026-04-16 N/A
htmlheadline before 21.8 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2004-1348 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash).
CVE-2006-2497 1 Aspbb 1 Aspbb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp.
CVE-2006-2502 1 Cyrus 1 Imapd 2026-04-16 N/A
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
CVE-2006-2507 1 Teake Nutma 1 Foing 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing 0.2.0 through 0.7.0, as used with phpBB, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) index.php, (2) song.php, (3) faq.php, (4) list.php, (5) gen_m3u.php, and (6) playlist.php.
CVE-2006-2510 1 Yourfreeworld 1 Short Url And Url Tracker Script 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the URL submission form in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to inject arbitrary web script or HTML via an unspecified form for submitting URLs.
CVE-2005-1012 1 Iatek 1 Siteenable 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows remote attackers to inject arbitrary web script or HTML via (1) the contenttype parameter to content.asp, (2) the title, or (3) the description.
CVE-2005-4800 1 Yapig 1 Yapig 2026-04-16 N/A
Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability.
CVE-2006-2404 1 Radscripts 1 Radlance 2026-04-16 N/A
Directory traversal vulnerability in popup.php in RadScripts RadLance Gold 7.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter.
CVE-2004-0623 1 Gnu 1 Gnats 2026-04-16 N/A
Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog.
CVE-2004-1358 1 Sun 1 Solaris 2026-04-16 N/A
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.