Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1668 1 Easyweb 1 Factory Subjects Module 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQL commands via the (1) pageid, (2) subid, or (3) catid parameters.
CVE-2004-1671 1 Icewarp 1 Web Mail 2026-04-16 N/A
Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to gain sensitive information via a direct request to (1) accountsettings_add.html or (2) topmenu.html.
CVE-2006-1862 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load.
CVE-2004-1684 1 Zyxel 2 Prestige, Zynos 2026-04-16 N/A
Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ARP request, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2004-1686 1 Microsoft 1 Ie 2026-04-16 N/A
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin.
CVE-2004-1688 1 Tech-noel 1 Pigeon Server 2026-04-16 N/A
Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a long login name sent to port 3103.
CVE-2004-1689 1 Todd Miller 1 Sudo 2026-04-16 N/A
sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.
CVE-2004-1702 1 Gnu 1 Cfengine 2026-04-16 N/A
The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).
CVE-2006-1878 1 Phpfaber 1 Topsites 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2006-1879 1 Oracle 1 Collaboration Suite 2026-04-16 N/A
Multiple unspecified vulnerabilities in the Email Server component in Oracle Collaboration Suite 9.0.4.2, 10.1.1, 10.1.2.0, and 10.1.2.1 have unknown impact and attack vectors, aka Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04.
CVE-2004-1808 1 Metamail Corporation 1 Metamail 2026-04-16 N/A
Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2004-1809 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php.
CVE-2004-1811 1 Hp 1 Ssl Http Server 2026-04-16 N/A
The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates.
CVE-2004-1814 1 Vocaltec 1 Vgw4 8 Telephony Gateway 2026-04-16 N/A
Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 allows remote attackers to read protected files via .. (dot dot) sequences in an HTTP request, as demonstrated using home.asp.
CVE-2004-1830 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message.
CVE-2004-1831 1 Techland 1 Chrome 2026-04-16 N/A
Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large length value, which leads to a null dereference or out-of-bounds read.
CVE-2006-1457 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink.
CVE-2006-1883 1 Oracle 1 E-business Suite 2026-04-16 N/A
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite and Applications 11.5.10CU1 has unknown impact and attack vectors, aka Vuln# APPS05.
CVE-2006-1886 1 Oracle 1 Peoplesoft Enterprise 2026-04-16 N/A
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.46.12 and 8.47.04 has unknown impact and attack vectors, aka Vuln# PSE01.
CVE-2004-1847 1 Expinion.net 1 News Manager Lite 2026-04-16 N/A
News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie.