Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3544 1 Invision Power Services 1 Invision Board 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that "At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run.
CVE-2004-2454 1 Amsn 1 Amsn 2026-04-16 N/A
aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed passwords from (1) hotlog.htm and (2) config.xml.
CVE-2004-0904 4 Conectiva, Mozilla, Netscape and 1 more 10 Linux, Firefox, Mozilla and 7 more 2026-04-16 N/A
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
CVE-2004-2464 1 Ada 1 Imgsvr 2026-04-16 N/A
Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 allows remote attackers to read arbitrary files or list directories via hex-encoded "..//" sequences ("%2e%2e%2f%2f"). NOTE: it was later reported that 0.6.21 and earlier is also affected.
CVE-2006-0083 1 Stefan Frings 1 Sms Server Tools 2026-04-16 N/A
Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors.
CVE-2005-1219 1 Microsoft 1 Image Color Management 2026-04-16 N/A
Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
CVE-2006-0091 1 Open-xchange 1 Open-xchange 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline.
CVE-2004-2468 1 Scripts For Educators 1 Sillysearch 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2005-2183 1 Phpxmail 1 Phpxmail 2026-04-16 N/A
class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle large passwords, which prevents an error message from being returned and allows remote attackers to bypass authentication and gain unauthorized access.
CVE-2006-0099 1 Valdersoft 1 Valdersoft Shopping Cart 2026-04-16 N/A
PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter.
CVE-2006-3545 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 7.0 Beta allows remote attackers to cause a denial of service (application crash) via a web page with multiple empty APPLET start tags. NOTE: a third party has disputed this issue, stating that the crash does not occur with Microsoft Internet Explorer 7.0 Beta3
CVE-2004-2469 1 Brickhost 1 Phpscheduleit 2026-04-16 N/A
Unspecified vulnerability in Reservation.class.php for phpScheduleIt 1.01 and earlier allows attackers to modify or delete reservations.
CVE-2004-0787 1 Openca 1 Openca 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA 0.9.1-8 and earlier, and 0.9.2 RC6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the form input fields.
CVE-2004-2470 1 Madbms 1 Madbms 2026-04-16 N/A
Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact and attack vectors, related to logins.
CVE-2006-3546 1 Ada 1 Imgsvr 2026-04-16 N/A
Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote attackers to cause a denial of service (daemon crash) via a long HTTP POST request. NOTE: this might be the same issue as CVE-2004-2463.
CVE-2004-0813 2 Ide-cd, Redhat 2 Ide-cd, Enterprise Linux 2026-04-16 N/A
Unknown vulnerability in the SG_IO functionality in ide-cd allows local users to bypass read-only access and perform unauthorized write and erase operations.
CVE-2004-2471 1 Jamesoff 1 Quoteengine 2026-04-16 N/A
SQL injection vulnerability in the sloth TCL script in QuoteEngine before 1.2.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-0850 1 Joerg Schilling 1 Star Tape Archiver 2026-04-16 N/A
Star before 1.5_alpha46 does not drop the effective user ID (euid) before calling external programs, which could allow local users to gain privileges by modifying the RSH environment variable to reference a malicious program.
CVE-2004-2472 1 Agnitum 1 Outpost Firewall 2026-04-16 N/A
Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a denial of service (CPU consumption) via a flood of small, invalid packets, which can not be processed quickly enough by Outpost Pro.
CVE-2004-2542 1 Dynix 1 Webpac 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Dynix (formerly known as epixtech) WebPAC allow remote attackers to execute arbitrary SQL commands via unknown attack vectors, resulting in an ability to execute stored procedures, bypass login authentication, and cause an unspecified denial of service to backend databases.