Export limit exceeded: 345220 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345220 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1560 | 1 Netscape | 1 Navigator | 2026-04-16 | N/A |
| Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | ||||
| CVE-2003-1564 | 2 Redhat, Xmlsoft | 2 Enterprise Linux, Libxml2 | 2026-04-16 | 6.5 Medium |
| libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack." | ||||
| CVE-2006-3684 | 1 Softcomplex | 1 Php Event Calendar | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in calendar.php in SoftComplex PHP Event Calendar 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_calendar parameter, which overwrites the $path_to_calendar variable from an extract function call. | ||||
| CVE-2006-3685 | 1 Czaries Network | 1 Czarnews | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. NOTE: the news.php vector is already covered by CVE-2005-0859. | ||||
| CVE-1999-0706 | 2 Isc, Redhat | 2 Inn, Linux | 2026-04-16 | N/A |
| Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables. | ||||
| CVE-2004-0062 | 1 Fishnet | 1 Fishcart | 2026-04-16 | N/A |
| Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity. | ||||
| CVE-2004-0002 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload, which cause a large number of calls to the resource-intensive sowakeup function. | ||||
| CVE-2004-0008 | 3 Redhat, Rob Flynn, Ultramagnetic | 4 Enterprise Linux, Linux, Gaim and 1 more | 2026-04-16 | N/A |
| Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow. | ||||
| CVE-2004-0013 | 1 Jabber Software Foundation | 1 Jabber Server | 2026-04-16 | N/A |
| jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash). | ||||
| CVE-2004-0017 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations. | ||||
| CVE-2004-0038 | 1 Mcafee | 1 Epolicy Orchestrator | 2026-04-16 | N/A |
| McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81. | ||||
| CVE-2004-0044 | 1 Cisco | 1 Personal Assistant | 2026-04-16 | N/A |
| Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username. | ||||
| CVE-2004-0045 | 1 Isc | 1 Inn | 2026-04-16 | N/A |
| Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code. | ||||
| CVE-2004-0067 | 1 Phpgedview | 1 Phpgedview | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1. | ||||
| CVE-2004-0070 | 1 Visualshapers | 1 Ezcontents | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code. | ||||
| CVE-2004-0073 | 1 Stoitsov | 1 Easydynamicpages | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script. | ||||
| CVE-2004-0084 | 3 Openbsd, Redhat, Xfree86 Project | 4 Openbsd, Enterprise Linux, Linux and 1 more | 2026-04-16 | N/A |
| Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106. | ||||
| CVE-2004-0094 | 2 Redhat, Xfree86 Project | 2 Enterprise Linux, X11r6 | 2026-04-16 | N/A |
| Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI). | ||||
| CVE-2004-0120 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages. | ||||
| CVE-2004-0128 | 1 Phpgedview | 1 Phpgedview | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script. | ||||