Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0462 2026-04-16 N/A
The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server.
CVE-2004-0465 1 Openconnect 1 Webconnect 2026-04-16 N/A
Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter.
CVE-2004-0466 1 Openconnect 1 Webconnect 2026-04-16 N/A
WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote attackers to cause a denial of service (hang) via a URL containing an MS-DOS device name such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.
CVE-2004-0468 1 Juniper 1 Junos 2026-04-16 N/A
Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets.
CVE-2004-0469 1 Checkpoint 4 Firewall-1, Next Generation, Ng-ai and 1 more 2026-04-16 N/A
Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and FireWall-1 NG products, before VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410 and NG FP3 HFA-325, or VPN-1 SecuRemote/SecureClient R56, may allow remote attackers to execute arbitrary code during VPN tunnel negotiation.
CVE-2004-0470 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.
CVE-2004-0471 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
CVE-2004-0474 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue.
CVE-2005-1857 1 Simpleproxy 1 Simpleproxy 2026-04-16 N/A
Format string vulnerability in simpleproxy before 3.4 allows remote malicious HTTP proxies to execute arbitrary code via format string specifiers in a reply.
CVE-2005-1858 1 Fuse 1 Fuse 2026-04-16 N/A
FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.
CVE-2005-1864 1 Vincent Hor 1 Calendarix Advanced 2026-04-16 N/A
PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter.
CVE-2005-1865 1 Vincent Hor 1 Calendarix Advanced 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php.
CVE-2005-1866 1 Vincent Hor 1 Calendarix Advanced 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter.
CVE-2005-1869 1 Appindex 1 Mwchat 2026-04-16 N/A
PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6.x allows remote attackers to execute arbitrary PHP code via the CONFIG[MWCHAT_Libs] parameter.
CVE-2005-1870 1 Popper 1 Popper 2026-04-16 N/A
PHP remote file inclusion vulnerability in childwindow.inc.php in Popper 1.41-r2 and earlier allows remote attackers to execute arbitrary PHP code via the form parameter.
CVE-2005-1871 1 Drupal 1 Drupal 2026-04-16 N/A
Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly."
CVE-2005-1872 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code.
CVE-2005-1873 1 Crob 1 Crob Ftp 2026-04-16 N/A
Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier versions, allow remote attackers to execute arbitrary code via (1) an FTP command with a large string followed by the RMD command with a long string or (2) a globbing ("*") character followed by a long string.
CVE-2005-1874 1 Evan Wagner 1 Dzip 2026-04-16 N/A
Directory traversal vulnerability in Dzip before 2.9 allows remote attackers to create arbitrary files via a filename containing a .. (dot dot) in a .dz archive.
CVE-2005-1875 1 Exhibit Engine 1 Exhibit Engine 2026-04-16 N/A
Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter.