Export limit exceeded: 348863 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348863 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348863 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29910 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1604 | 1 Cpanel | 1 Cpanel | 2026-04-16 | N/A |
| cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled. | ||||
| CVE-2005-1374 | 1 Claroline | 1 Claroline | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php. | ||||
| CVE-2004-1606 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2026-04-16 | N/A |
| slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie. | ||||
| CVE-2005-1386 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php), (7) a request to Web_Links with the indonesian language (lang-indonesian.php), (8) a request to the survey module with the indonesian language (lang-indonesian.php), (9) a request to the Reviews module with the portuguese language, or (10) a request to the Journal module with the portuguese language, which reveal the path in an error message. | ||||
| CVE-2005-2854 | 1 Thesitewizard.com | 1 Chfeedback.pl Feedback Form Perl Script | 2026-04-16 | N/A |
| CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedback Form Perl Script 2.0.1 allows remote attackers to use the script as a mail relay (spam proxy) via CRLF sequences in the (1) name or (2) email fields, which are injected into mail headers. | ||||
| CVE-2005-3079 | 1 Punbb | 1 Punbb | 2026-04-16 | N/A |
| PunBB before 1.2.8 allows remote attackers to perform "code inclusion" via the user language selection. | ||||
| CVE-2005-3253 | 2 Avaya, Proxim | 10 Wireless Ap-3, Wireless Ap-4, Wireless Ap-5 and 7 more | 2026-04-16 | N/A |
| Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of "12345", which allows remote attackers to bypass authentication. | ||||
| CVE-2004-1607 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2026-04-16 | N/A |
| slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensitive information via a (1) Library or (2) Attachment request with an invalid file parameter, which reveals the path in an error message. | ||||
| CVE-2005-1391 | 1 Apsis | 1 Pound | 2026-04-16 | N/A |
| Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header. | ||||
| CVE-2005-2855 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field. | ||||
| CVE-2005-3080 | 1 Geshi | 1 Geshi | 2026-04-16 | N/A |
| contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to read arbitrary files via the language field without a source field set. | ||||
| CVE-2005-3255 | 1 Nathan Neulinger | 1 Cgiwrap | 2026-04-16 | N/A |
| The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs. | ||||
| CVE-2004-1608 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2026-04-16 | N/A |
| SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation. | ||||
| CVE-2005-1392 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script. | ||||
| CVE-2005-3081 | 1 Wzdftpd | 1 Wzdftpd | 2026-04-16 | N/A |
| wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command. | ||||
| CVE-2004-1609 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2026-04-16 | N/A |
| SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access. | ||||
| CVE-2004-1610 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2026-04-16 | N/A |
| SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables. | ||||
| CVE-2005-1403 | 1 Just Williams | 1 Amazon Webstore | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie. | ||||
| CVE-2004-1611 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2026-04-16 | N/A |
| SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password via a GetConnection request to TCP port 1707. | ||||
| CVE-2004-1612 | 1 Saleslogix Corporation | 1 Saleslogix | 2026-04-16 | N/A |
| Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request. | ||||