Export limit exceeded: 345031 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345031 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2163 | 1 Openbsd | 1 Openbsd | 2026-04-16 | N/A |
| login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies. | ||||
| CVE-2005-3717 | 1 Utstarcom | 1 F1000 Voip Wifi Phone | 2026-04-16 | N/A |
| The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has a default username "target" and password "password", which allows remote attackers to gain full access to the system. | ||||
| CVE-2005-3723 | 1 Hitachi | 1 Ip5000 Voip Wifi Phone | 2026-04-16 | N/A |
| Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using CVE-2005-3722, or access the Unidata Shell to obtain sensitive information or cause a denial of service. | ||||
| CVE-2005-3729 | 1 Revize Cms | 1 Revize Cms | 2026-04-16 | N/A |
| Idetix Software Systems Revize CMS allows remote attackers to obtain sensitive information via direct requests to files in the revize/debug directory, such as (1) apptables.html and (2) main.html. | ||||
| CVE-2004-2172 | 1 Netsourcecommerce | 1 Productcart | 2026-04-16 | 7.5 High |
| EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack. | ||||
| CVE-2005-3718 | 1 Utstarcom | 1 F1000 Voip Wifi Phone | 2026-04-16 | N/A |
| UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 does not allow users to disable access to (1) SNMP or (2) the rlogin port TCP 513, which allows remote attackers to exploit other vulnerabilities such as CVE-2005-3716, or execute arbitrary shell commands via rlogin, which does not require authentication. | ||||
| CVE-2005-3730 | 1 Revize Cms | 1 Revize Cms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp. | ||||
| CVE-2004-2175 | 1 All Enthusiast Inc | 1 Reviewpost Php Pro | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php. | ||||
| CVE-2005-3731 | 1 Yassl | 1 Yassl | 2026-04-16 | N/A |
| Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to "certificate chain processing." | ||||
| CVE-2004-2182 | 1 Macromedia | 1 Jrun | 2026-04-16 | N/A |
| Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. | ||||
| CVE-2004-2184 | 1 Digicraft Software | 1 Yak | 2026-04-16 | N/A |
| Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) put. | ||||
| CVE-2004-2185 | 1 Mediawiki | 1 Mediawiki | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage. | ||||
| CVE-2004-2186 | 1 Mediawiki | 1 Mediawiki | 2026-04-16 | N/A |
| SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance. | ||||
| CVE-2005-3732 | 2 Ipsec-tools, Redhat | 2 Ipsec-tools, Enterprise Linux | 2026-04-16 | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | ||||
| CVE-2004-2190 | 1 Unzoo | 1 Unzoo | 2026-04-16 | N/A |
| Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors. | ||||
| CVE-2004-2199 | 1 Duware | 1 Duclassified | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text. | ||||
| CVE-2005-3733 | 1 Juniper | 8 Junos E, Junos J, Junos M and 5 more | 2026-04-16 | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6.4, and E-series routers before 7-1-0, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | ||||
| CVE-2005-3735 | 1 Coastal Data Management | 1 E-quick Cart | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shopprojectlogin.asp, and (3) id parameter in shoptellafriend.asp. | ||||
| CVE-2005-3739 | 1 Php Fusion | 1 Php Fusion | 2026-04-16 | N/A |
| Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and earlier allows remote attackers to obtain the full path via unspecified vectors. | ||||
| CVE-2005-3746 | 1 Apboard | 1 Apboard | 2026-04-16 | N/A |
| SQL injection vulnerability in thread.php in APBoard allows remote attackers to execute arbitrary SQL commands via the start parameter. | ||||