Search Results (363090 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1464 1 Siemens 2 M45, S45 2026-04-16 N/A
Buffer overflow in Siemens 45 series mobile phones allows remote attackers to cause a denial of service (disconnect and unavailable inbox) via a Short Message Service (SMS) message with a long image name.
CVE-2003-1512 1 Khaled Mardam-bey 1 Mirc 2026-04-16 N/A
Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request.
CVE-2003-1489 1 Truegalerie 1 Truegalerie 2026-04-16 N/A
upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.
CVE-2004-0502 1 Microsoft 1 Outlook 2026-04-16 N/A
Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI.
CVE-2004-0504 3 Ethereal Group, Redhat, Sgi 3 Ethereal, Enterprise Linux, Propack 2026-04-16 N/A
Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.
CVE-2004-0512 1 Sco 1 Openserver 2026-04-16 N/A
Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a core dump.
CVE-2004-0524 1 Thiago Melo De Paula 1 Change Passwd 2026-04-16 N/A
Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name.
CVE-2003-1513 1 Caucho Technology 1 Resin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp.
CVE-2004-0534 1 Businessobjects 2 Infoview, Webintelligence 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.
CVE-2004-1723 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message.
CVE-2004-1648 1 Web Animations 1 Password Protect 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter.
CVE-2004-1636 1 Net Integration Technologies Inc. 1 Wvtftp 2026-04-16 N/A
Heap-based buffer overflow in the WvTFTPServer::new_connection function in wvtftpserver.cc for WvTftp 0.9 allows remote attackers to execute arbitrary code via a long option string in a TFTP packet.
CVE-2004-1624 1 Altiris 1 Carbon Copy 2026-04-16 N/A
Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).
CVE-2004-1615 1 Opera 1 Opera Browser 2026-04-16 N/A
Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme.
CVE-2003-0845 2 Jboss, Redhat 2 Jboss, Enterprise Linux 2026-04-16 N/A
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
CVE-2004-1582 1 Blackboard Internet Newsboard System 1 Blackboard Internet Newsboard System 2026-04-16 N/A
PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows remote attackers to execute arbitrary PHP code by modifying the libpath parameter (incorrectly called "libpach") to reference a URL on a remote web server that contains _more.php, as demonstrated using checkdb.inc.php.
CVE-2004-1529 1 Rob Sutton 1 Php-nuke Event Calendar 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event comments.
CVE-2004-2745 1 Anteco Visual Technologies 1 Ownserver 2026-04-16 N/A
Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
CVE-2003-0665 1 Microsoft 1 Access 2026-04-16 N/A
Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
CVE-2004-1536 1 Ipbproarcade 1 Ipbproarcade 2026-04-16 N/A
SQL injection vulnerability in index.php in the ibProArcade module for Invision Power Board (IPB) 1.x and 2.x allows remote attackers to execute arbitrary SQL commands via the cat parameter.