Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1584 1 Wordpress 1 Wordpress 2026-04-16 N/A
CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.
CVE-2006-2958 1 Filzip 1 Filzip 2026-04-16 N/A
Directory traversal vulnerability in FilZip 3.05 allows remote attackers to write arbitrary files via a .. (dot dot) in a (1) .rar, (2) .tar, (3) .jar, or (4) .gz file. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2004-2072 1 Mambo 1 Mambo Open Source 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter.
CVE-1999-0065 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.
CVE-2004-2094 1 Darkwet 1 Webcam Xp 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbitrary HTML or web script as other users via a URL that contains the script.
CVE-2004-2099 1 Electronic Arts 1 Need For Speed Hot Pursuit 2 2026-04-16 N/A
Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), version 242 and earlier, allows remote attackers (servers) to execute arbitrary code via long (1) gamename, (2) gamever, (3) hostname, (4) gametype, (5) mapname or (6) gamemode commands.
CVE-2004-2108 1 Quadcomm 1 Q-shop 2026-04-16 N/A
Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showcat.asp, (5) users.asp, (6) addtomylist.asp, (7) modline.asp, (8) cart.asp, or (9) newuser.asp.
CVE-2004-2109 1 Quadcomm 1 Q-shop 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a URL.
CVE-2004-2110 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
CVE-2004-2112 1 Herberlin 1 Bremsserver 2026-04-16 N/A
Directory traversal vulnerability in BremsServer 1.2.4 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in the URL.
CVE-2004-2115 1 Oracle 1 Http Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
CVE-2004-2118 1 Tinyserver 1 Tinyserver 2026-04-16 N/A
Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via a GET request with a long filename, possibly due to a buffer overflow.
CVE-2006-2996 1 Lovecompass 1 Aepartner 2026-04-16 N/A
PHP remote file inclusion vulnerability in inc/design.inc.php in LoveCompass aePartner 0.8.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dir[data] parameter.
CVE-2004-2123 1 Nextplace 1 E-commerce Asp Engine 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com E-Commerce ASP Engine allow remote attackers to inject arbitrary web script or HTML via the (1) level parameter of productdetail.asp, (2) searchKey parameter of searchresults.asp, and possibly (3) level parameter of ListCategories.asp.
CVE-2004-0340 1 Texas Imperial Software 1 Wftpd 2026-04-16 N/A
Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.
CVE-2004-2130 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables.
CVE-2004-2137 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.
CVE-2006-2997 1 Zms Publishing 1 Zms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field.
CVE-2004-2138 1 Allwebscripts 1 Mysqlguest 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in AWSguest.php in AllWebScripts MySQLGuest allows remote attackers to inject arbitrary HTML and PHP code via the (1) Name, (2) Email, (3) Homepage or (4) Comments field.
CVE-2006-3000 1 Okscripts 1 Okarticles 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkArticles 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.