Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2149 1 Oracle 1 Mysql 2026-04-16 N/A
Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders.
CVE-2004-2151 1 Virtual Projects 1 Chatman 2026-04-16 N/A
Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via a very large data size.
CVE-2004-2158 1 S9y 1 Serendipity 2026-04-16 N/A
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
CVE-2006-3013 1 Eschew.net 1 Phpbannerexchange 2026-04-16 N/A
Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange.
CVE-2004-2161 1 Tutos 1 Tutos 2026-04-16 N/A
SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows remote attackers to execute arbitrary SQL commands via the link_id parameter.
CVE-1999-0068 1 Php 1 Php 2026-04-16 N/A
CGI PHP mylog script allows an attacker to read any file on the target server.
CVE-2004-2166 1 Canon 2 Imagerunner 5000i, Imagerunner C3200 2026-04-16 N/A
The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and C3200 digital printer, when not using IP address range filtering, allows remote attackers to print arbitrary text without authentication via a text/plain email to TCP port 25.
CVE-2004-2169 1 A-a-s Application Access Server 1 A-a-s Application Access Server 2026-04-16 N/A
Application Access Server (A-A-S) 1.0.37 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long file request.
CVE-1999-0069 1 Sun 1 Sunos 2026-04-16 8.4 High
Solaris ufsrestore buffer overflow.
CVE-2004-2171 1 Cherokee 1 Cherokee Httpd 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page.
CVE-2004-2173 1 Early Impact 1 Productcart 2026-04-16 N/A
SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductCart allows remote attackers to execute arbitrary SQL commands via the priceUntil parameter.
CVE-2004-2175 1 All Enthusiast Inc 1 Reviewpost Php Pro 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php.
CVE-2004-2177 1 Devoybb 1 Devoybb Web Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2006-3017 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Stronghold 2026-04-16 N/A
zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.
CVE-2004-2181 1 Wowbb 1 Wowbb Web Forum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65.
CVE-2006-3020 1 Planete Afrique 1 Ws-album 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp in WS-Album 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) image and (2) PublisedDate parameters.
CVE-2006-3022 1 Fipsasp 1 Fipsgallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter.
CVE-2004-2189 1 Dmxready 1 Dmxready Site Chassis Manager 2026-04-16 N/A
SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-2190 1 Unzoo 1 Unzoo 2026-04-16 N/A
Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors.
CVE-2004-2191 1 Turbotraffictrader 1 Turbotraffictrader Php 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) msg[0] or (2) siteurl parameters.