Export limit exceeded: 344980 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344980 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344980 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1138 | 2 Redhat, Vim Development Group | 2 Enterprise Linux, Vim | 2026-04-16 | N/A |
| VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu. | ||||
| CVE-2004-1139 | 7 Altlinux, Conectiva, Debian and 4 more | 9 Alt Linux, Linux, Debian Linux and 6 more | 2026-04-16 | N/A |
| Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash). | ||||
| CVE-2004-1140 | 2 Ethereal Group, Redhat | 2 Ethereal, Enterprise Linux | 2026-04-16 | N/A |
| Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (application hang) and possibly fill available disk space via an invalid RTP timestamp. | ||||
| CVE-2005-0859 | 1 Czaries Network | 1 Czarnews | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14. | ||||
| CVE-2004-1147 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters. | ||||
| CVE-2004-1148 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. | ||||
| CVE-2005-0864 | 1 Securecomputing | 1 Samsung Adsl Modem | 2026-04-16 | N/A |
| The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request. | ||||
| CVE-2004-1149 | 1 Broadcom | 1 Etrust Ez Antivirus | 2026-04-16 | N/A |
| Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe. | ||||
| CVE-2004-1150 | 1 Nullsoft | 1 Winamp | 2026-04-16 | N/A |
| Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file. | ||||
| CVE-2004-1151 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2026-04-16 | N/A |
| Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges. | ||||
| CVE-2004-1152 | 2 Adobe, Redhat | 2 Acrobat Reader, Rhel Extras | 2026-04-16 | N/A |
| Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary code via an e-mail message with a crafted PDF attachment. | ||||
| CVE-2004-1153 | 1 Adobe | 1 Acrobat Reader | 2026-04-16 | N/A |
| Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an .ETD document containing format string specifiers in (1) title or (2) baseurl fields. | ||||
| CVE-2005-0871 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message. | ||||
| CVE-2004-1154 | 4 Redhat, Samba, Suse and 1 more | 5 Enterprise Linux, Fedora Core, Samba and 2 more | 2026-04-16 | N/A |
| Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. | ||||
| CVE-2004-1160 | 1 Netscape | 1 Navigator | 2026-04-16 | N/A |
| Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | ||||
| CVE-2004-1161 | 2 Gentoo, Rssh | 2 Linux, Rssh | 2026-04-16 | N/A |
| rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S. | ||||
| CVE-2005-0907 | 1 Valdersoft | 1 Shopping Cart | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php. | ||||
| CVE-2005-0935 | 1 Esmi | 1 Paypal Storefront | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php. | ||||
| CVE-2004-1162 | 2 Gentoo, Scponly | 2 Linux, Scponly | 2026-04-16 | N/A |
| The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags. | ||||
| CVE-2004-1163 | 1 Cisco | 1 Cns Network Registrar | 2026-04-16 | N/A |
| Cisco CNS Network Registrar Central Configuration Management (CCM) server 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (CPU consumption) by ending a connection after sending a certain sequence of packets. | ||||