Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1873 1 Alan Ward 1 A-cart 2026-04-16 N/A
SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter.
CVE-2004-1874 1 Alan Ward 1 A-cart 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms.
CVE-2004-1876 1 Clam Anti-virus 1 Clamav 2026-04-16 N/A
The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.
CVE-2004-1877 1 Oracle 2 Application Server, Http Server 2026-04-16 N/A
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.
CVE-2004-1878 1 Linbit Technologies 1 Linbox Officeserver 2026-04-16 N/A
LINBOX LIN:BOX allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash).
CVE-2004-1879 1 Phpkit 1 Phpkit 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages.
CVE-2004-1880 1 Openldap 1 Openldap 2026-04-16 N/A
Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption).
CVE-2004-1881 1 Cactusoft 1 Cactushop 2026-04-16 N/A
SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter.
CVE-2004-1882 1 Cactusoft 1 Cactushop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter.
CVE-2004-1934 1 Isesam 1 Gemitel 2026-04-16 N/A
PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter.
CVE-2004-2759 1 Sun 4 Storedge Qfs, Storedge Sam-qfs, Storeedge Performance Suite and 1 more 2026-04-16 N/A
Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilization Suite 4.0 through 4.1 and Performance Suite 4.0 through 4.1, might allow local users to read portions of deleted files by accessing data within sparse files.
CVE-2005-0017 1 F2c Open Source Project 1 F2c Translator 2026-04-16 N/A
The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.
CVE-2005-0018 1 F2c Open Source Project 1 F2c Translator 2026-04-16 N/A
The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.
CVE-2005-0021 2 Redhat, University Of Cambridge 2 Enterprise Linux, Exim 2026-04-16 N/A
Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
CVE-2005-0022 2 Redhat, University Of Cambridge 2 Enterprise Linux, Exim 2026-04-16 N/A
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
CVE-2005-0023 1 Gnome 2 Libvte4, Libzvt2 2026-04-16 N/A
gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.
CVE-2005-0033 1 Isc 1 Bind 2026-04-16 N/A
Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns array that tracks nameservers and addresses.
CVE-2005-0034 1 Isc 1 Bind 2026-04-16 N/A
An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail.
CVE-2005-0035 1 Adobe 1 Acrobat Reader 2026-04-16 N/A
The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and earlier, when used with Internet Explorer, allows remote attackers to determine the existence of arbitrary files via the LoadFile ActiveX method.
CVE-2005-0036 2 Delegate, Etl 2 Delegate, Delegate 2026-04-16 N/A
The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.