Search Results (363081 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1580 1 Devellion 1 Cubecart 2026-04-16 N/A
SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2004-1518 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter.
CVE-2004-2741 1 Horde 1 Application Framework 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.
CVE-2004-1516 1 Phpwebsite 1 Phpwebsite 2026-04-16 N/A
CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the block_username parameter in the user module.
CVE-2003-0611 1 Xtokkaetama 1 Xtokkaetama 2026-04-16 N/A
Multiple buffer overflows in xtokkaetama 1.0 allow local users to gain privileges via a long (1) -display command line argument or (2) XTOKKAETAMADIR environment variable.
CVE-2004-2736 1 Polar Software 1 Helpdesk 2026-04-16 N/A
Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie.
CVE-2004-1509 1 Webcalendar 1 Webcalendar 2026-04-16 N/A
validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encoded_login parameter, which reveals the full path in an error message.
CVE-2003-0502 1 Apple 1 Darwin Streaming Server 2026-04-16 N/A
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421.
CVE-2004-1494 1 Kingsoft 1 Xdict 2026-04-16 N/A
Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 allows remote attackers to cause a denial of service ( CPU consumption or application exit) and possibly execute arbitrary code via a long string.
CVE-2003-0467 1 Linux 1 Linux Kernel 2026-04-16 N/A
Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error.
CVE-2004-1493 1 Quicksilver 1 Master Of Orion Iii 2026-04-16 N/A
Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (server crash) via multiple connections with long nicknames, possibly triggering a buffer overflow.
CVE-2003-0462 3 Linux, Mandrakesoft, Redhat 6 Linux Kernel, Mandrake Linux, Mandrake Linux Corporate Server and 3 more 2026-04-16 N/A
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).
CVE-2004-1491 4 Gentoo, Kde, Opera and 1 more 4 Linux, Kde, Opera Browser and 1 more 2026-04-16 N/A
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
CVE-2004-1486 1 Hp 2 Cluster Object Manager, Serviceguard 2026-04-16 N/A
Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and Cluster Object Manager A.01.03 and B.01.04 through B.03.00.01 on HP-UX, Serviceguard A.11.14.04 and A.11.15.04 and Cluster Object Manager B.02.01.02 and B.02.02.02 on HP Linux, allow remote attackers to gain privileges via unknown attack vectors.
CVE-2004-1484 1 Socat 1 Socat 2026-04-16 N/A
Format string vulnerability in the _msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message.
CVE-2003-0375 1 Xmb Forum 1 Xmb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter.
CVE-2003-0365 1 Icq Inc 1 Icqlite 2026-04-16 N/A
ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious programs.
CVE-2004-1475 1 Xine 2 Xine, Xine-lib 2026-04-16 N/A
Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.
CVE-2003-0361 1 Debian 1 Debian Linux 2026-04-16 N/A
gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp.
CVE-2003-0308 2 Debian, Sendmail 2 Debian Linux, Sendmail 2026-04-16 N/A
The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.