Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2370 1 Cerulean Studios 2 Trillian, Trillian Pro 2026-04-16 N/A
Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name.
CVE-2005-4329 1 Php Arena 1 Pafiledb 2026-04-16 N/A
SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) newsid and (2) id parameter.
CVE-2004-2373 1 Aol 1 Instant Messenger 2026-04-16 N/A
The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations.
CVE-2005-4332 1 Cisco 1 Network Admission Control Manager And Server System Software 2026-04-16 N/A
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp.
CVE-2004-2374 1 Working Resources Inc. 1 Badblue 2026-04-16 N/A
BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML.
CVE-2005-4333 1 Binary-concepts 1 Binary Board System 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl.
CVE-2004-2375 1 1st Class Internet Solutions 1 1st Class Mail Server 2026-04-16 N/A
Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an APOP USER command with a long second parameter (digest).
CVE-2005-4335 1 Courseforum 1 Projectforum 2026-04-16 N/A
ProjectForum 4.7.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted pageid parameter to admin/versions.html.
CVE-2004-2378 1 Calacode 1 At Mail Webmail System 2026-04-16 N/A
@Mail 3.64 for Windows allows remote attackers to cause a denial of service ("unusable" server) via a large number of POP3 connections to the server.
CVE-2005-4344 1 Macromedia 1 Coldfusion 2026-04-16 N/A
Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration.
CVE-2004-2379 1 Calacode 1 At Mail Webmail System 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via (1) the Displayed Name attribute in util.pl and (2) the Folder attribute in showmail.pl.
CVE-2004-2382 1 Perfectnav 1 Perfectnav 2026-04-16 N/A
The PerfectNav plugin for Microsoft Internet Explorer allows remote attackers to cause a denial of service (browser crash) via a malformed URL such as "?".
CVE-2005-4346 1 Anthony Boyd 1 Phpbb Blog 2026-04-16 N/A
Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was originally claimed to be SQL injection, but a cleansing step strips all non-digit characters and leaves an empty permalink argument, which leads to the syntax error.
CVE-2004-2521 1 Geeos Team 1 Gattaca Server 2003 2026-04-16 N/A
Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (application crash) via a large number of connections to TCP port (1) 25 (SMTP) or (2) 110 (POP).
CVE-2005-4419 1 Quicksquare Development 2 Honeycomb Archive, Honeycomb Archive Enterprise 2026-04-16 N/A
Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honeycomb Archive and Honeycomb Archive Enterprise 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) series, (2) cat_parent, (3) cat, and (4) div parameters.
CVE-2005-4428 1 Cerberus 1 Cerberus Helpdesk 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter.
CVE-2004-2540 1 Sun 2 Jdk, Jre 2026-04-16 N/A
readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data.
CVE-2005-4429 1 Cs-cart 1 Cs-cart 2026-04-16 N/A
SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.
CVE-2004-2550 1 Xperience 1 Sandsurfer 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data.
CVE-2004-2556 1 Netgear 1 Wg602 2026-04-16 N/A
NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration.