Export limit exceeded: 364785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1809 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php. | ||||
| CVE-2004-1811 | 1 Hp | 1 Ssl Http Server | 2026-04-16 | N/A |
| The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates. | ||||
| CVE-2004-1814 | 1 Vocaltec | 1 Vgw4 8 Telephony Gateway | 2026-04-16 | N/A |
| Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 allows remote attackers to read protected files via .. (dot dot) sequences in an HTTP request, as demonstrated using home.asp. | ||||
| CVE-2006-1882 | 1 Oracle | 1 E-business Suite | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unknown impact and attack vectors, as identified by Vuln# (1) APPS03 in (a) iProcurement; (2) APPS04 in (b) Oracle Application Object Library; (3) APPS06, (4) APPS07, and (5) APPS08 in (c) Oracle Applications Technology Stack; and (6) APPS11 in (d) Oracle Order Capture. | ||||
| CVE-2004-1830 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message. | ||||
| CVE-2004-1831 | 1 Techland | 1 Chrome | 2026-04-16 | N/A |
| Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large length value, which leads to a null dereference or out-of-bounds read. | ||||
| CVE-2006-1457 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink. | ||||
| CVE-2006-1883 | 1 Oracle | 1 E-business Suite | 2026-04-16 | N/A |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite and Applications 11.5.10CU1 has unknown impact and attack vectors, aka Vuln# APPS05. | ||||
| CVE-2006-1885 | 1 Oracle | 1 Enterprise Manager | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have unknown impact and attack vectors, aka Vuln# (1) EM01 and (2) EM02. | ||||
| CVE-2004-1832 | 1 Apple | 1 Mac Os X Server | 2026-04-16 | N/A |
| Buffer overflow in the GUI admin service in Mac OS X Server 10.3 allows remote attackers to cause a denial of service (crash and restart) via a large amount of data to TCP port 660. | ||||
| CVE-2004-1833 | 1 Borland Software | 1 Interbase | 2026-04-16 | N/A |
| The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges. | ||||
| CVE-2004-1836 | 1 Invision Power Services | 1 Invision Power Top Site List | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Invision Power Top Site List 1.1 RC 2 and earlier allows remote attackers to execute arbitrary SQL via the id parameter of the comments action. | ||||
| CVE-2004-1837 | 1 Joel Palmius | 1 Mod Survey | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey fields or error messages for malformed query strings. | ||||
| CVE-2004-1838 | 1 Xweb | 1 Xweb | 2026-04-16 | N/A |
| Directory traversal vulnerability in xweb 1.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the URL. | ||||
| CVE-2006-1886 | 1 Oracle | 1 Peoplesoft Enterprise | 2026-04-16 | N/A |
| Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.46.12 and 8.47.04 has unknown impact and attack vectors, aka Vuln# PSE01. | ||||
| CVE-2004-1847 | 1 Expinion.net | 1 News Manager Lite | 2026-04-16 | N/A |
| News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie. | ||||
| CVE-2004-1855 | 1 Mythic Entertainment | 1 Dark Age Of Camelot | 2026-04-16 | N/A |
| Dark Age of Camelot before 1.68 live patch does not sign the RSA public key, which could allow remote malicious servers to gain sensitive information via a man-in-the-middle attack. | ||||
| CVE-2004-1858 | 1 Hp | 1 Web Jetadmin | 2026-04-16 | N/A |
| HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character. | ||||
| CVE-2006-1891 | 1 Betaboard | 1 Betaboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormVal_profile parameter. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE. | ||||
| CVE-2004-1864 | 1 Xmb Forum | 1 Xmb | 2026-04-16 | N/A |
| SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php. | ||||