Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1381 1 Mozilla 2 Firefox, Mozilla 2026-04-16 N/A
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
CVE-2004-1600 1 Coolphp 1 Coolphp 2026-04-16 N/A
index.php in CoolPHP 1.0-stable allows remote attackers to gain sensitive information via an invalid op parameter, which reveals the path in an error message.
CVE-2005-0887 1 Michael Dean 1 Double Choco Latte 2026-04-16 N/A
Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.
CVE-2005-0888 1 Michael Dean 1 Double Choco Latte 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.php for Double Choco Latte 0.9.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) class or (2) method name.
CVE-2006-4887 1 Apple 2 Apple Remote Desktop, Mac Os X 2026-04-16 N/A
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.
CVE-2006-4118 1 Chaossoft 1 Geheimchaos 2026-04-16 N/A
Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in multiple parameters in (b) include/registrieren.php, possibly involving the (3) $form_email, (4) $form_vorname, (5) $form_nachname, (6) $form_strasse, (7) $form_plzort, (8) $form_land, (9) $form_homepage, (10) $form_bildpfad, (11) $form_profilsichtbar, (12) $Temp_sprache, (13) $form_tag, (14) $form_monat, (15) $form_jahr, (16) $Temp_akt_string, (17) $form_icq, (18) $form_msn, (19) $form_yahoo, (20) $form_username, and (21) $Temp_form_pass variables.
CVE-2004-1604 1 Cpanel 1 Cpanel 2026-04-16 N/A
cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.
CVE-2006-4119 1 Chaossoft 1 Geheimchaos 2026-04-16 N/A
SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2004-2085 1 Brad Fears 1 Phpcodecabinet 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php.
CVE-2004-2088 1 Sophos 1 Sophos Anti-virus 2026-04-16 N/A
Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.
CVE-2004-2117 1 Tinyserver 1 Tinyserver 2026-04-16 N/A
Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via malformed HTTP requests such as (1) a GET request without the HTTP version (HTTP/1.1), or (2) a request without GET or the HTTP version.
CVE-2004-2120 1 Reptile Web Server 1 Reptile Web Server 2026-04-16 N/A
Reptile Web Server allows remote attackers to cause a denial of service (CPU consumption) via multiple incomplete GET requests without the HTTP version.
CVE-2004-2131 1 Ibm 2 Informix Dynamic Server, Informix Extended Parallel Server 2026-04-16 N/A
Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.
CVE-2002-2065 1 Webcalendar 1 Webcalendar 2026-04-16 N/A
WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root.
CVE-2004-2132 1 Pj Cgi Neo Review 1 Pj Cgi Neo Review 2026-04-16 N/A
Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo review allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter.
CVE-2005-0002 1 Gentoo 1 Poppassd Pam 2026-04-16 N/A
poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users.
CVE-2005-1060 1 Novell 1 Netware 2026-04-16 N/A
Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets.
CVE-2002-2081 1 Microsoft 2 Site Server, Site Server Commerce 2026-04-16 N/A
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.
CVE-2005-0005 7 Debian, Gentoo, Graphicsmagick and 4 more 7 Debian Linux, Linux, Graphicsmagick and 4 more 2026-04-16 N/A
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
CVE-2005-0016 1 Gatos 1 Gatos 2026-04-16 N/A
Buffer overflow in the exported_display function in xatitv in gatos before 0.0.5 allows local users to execute arbitrary code.