Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1230 1 Freebsd 1 Freebsd 2026-04-16 N/A
The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic.
CVE-2004-1421 1 Whm 1 Whm Autopilot 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, (2) step_one_tables.php, (3) step_two_tables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the server_inc parameter to reference a URL on a remote web server that contains the code.
CVE-2004-1438 1 Subversion 1 Subversion 2026-04-16 N/A
The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
CVE-2004-2567 1 Recipants 1 Recipants 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields.
CVE-2005-3129 1 S9y 1 Serendipity 2026-04-16 N/A
Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php.
CVE-2004-1439 1 Sapporoworks 1 Black Jumbodog 2026-04-16 N/A
Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR,(4) CWD, (5) XMKD, and (6) XRMD.
CVE-2004-1244 1 Microsoft 1 Windows Media Player 2026-04-16 N/A
Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."
CVE-2004-1448 1 Jetbox 1 Jetbox One Cms 2026-04-16 N/A
Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code.
CVE-2001-1320 1 Pgp 1 Keyserver 2026-04-16 N/A
Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.
CVE-2002-0022 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.
CVE-2004-1262 1 Stuart Cunningham 1 Bsb2ppm 2026-04-16 N/A
Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm 0.0.6 allows remote attackers to execute arbitrary code via crafted BSB pictures.
CVE-2004-2583 1 Smartertools 1 Smartermail 2026-04-16 N/A
SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port 25.
CVE-2005-2390 1 Proftpd Project 1 Proftpd 2026-04-16 N/A
Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
CVE-2006-3369 1 Iduprey 1 Kamikaze-qscm 2026-04-16 N/A
Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
CVE-2006-3370 1 Bb-news 1 Blueboy 2026-04-16 N/A
Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
CVE-2005-2504 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.
CVE-2005-2465 2 Pc-experience, Toppe 2 Pc-experience, Toppe Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variable.
CVE-2001-1324 1 Paul Jarc 1 Idtools 2026-04-16 N/A
cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.
CVE-2002-0024 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download.
CVE-2005-2508 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts.