Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4049 1 Netart Media 1 Blog System 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the cat parameter in index.php and (2) the note parameter in blog.php.
CVE-2004-1643 1 Progress 1 Ws Ftp Server 2026-04-16 N/A
WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence.
CVE-2004-1647 1 Web Animations 1 Password Protect 2026-04-16 N/A
SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp.
CVE-2004-1652 1 Brickhost 1 Phpscheduleit 2026-04-16 N/A
phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges.
CVE-2005-4051 1 E107 1 E107 2026-04-16 N/A
e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php.
CVE-2004-1655 1 Phpwebsite 1 Phpwebsite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module.
CVE-2005-4054 1 Pluggedout 1 Pluggedout Blog 2026-04-16 N/A
SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categoryid, (2) entryid, (3) year, (4) month, and (5) day parameter.
CVE-2005-4057 1 Jonathan Beckett 1 Pluggedout Nexus 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Location, (2) Last Name, and (3) First Name parameters.
CVE-2004-1657 1 Newtelligence 1 Dasblog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers.
CVE-2004-1659 1 Cutephp 1 Cutenews 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter.
CVE-2005-4059 1 Locazo 1 Locazolist 2026-04-16 N/A
SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to execute arbitrary SQL commands via the q parameter.
CVE-2004-1661 1 Sitecubed 1 Mailworks Professional 2026-04-16 N/A
MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1."
CVE-2004-1662 1 Yabb 1 Yabb 2026-04-16 N/A
YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message.
CVE-2003-0292 1 Inktomi 1 Inktomi Traffic-server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka "Man-in-the-Middle" XSS.
CVE-2004-1762 1 F-secure 1 F-secure Anti-virus 2026-04-16 N/A
Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux before Hotfix 3 allows the Sober.D worm to bypass FASV.
CVE-2004-1764 1 Hp 1 Hp-ux 2026-04-16 N/A
Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.
CVE-2004-1766 1 Juniper 1 Netscreen-security Manager 2004 2026-04-16 N/A
The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing.
CVE-2004-1773 2 Gnu, Redhat 2 Sharutils, Enterprise Linux 2026-04-16 N/A
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.
CVE-2004-1774 1 Oracle 2 Application Server, Oracle10g 2026-04-16 N/A
Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.
CVE-2004-1794 1 Vcard4j 1 Vcard4j 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows remote attackers to inject arbitrary web script or HTML via the NICKNAME tag in a vCard.