Search Results (363856 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2196 1 Apple 1 Airport Card 2026-04-16 N/A
The Apple AirPort card uses a default WEP key when not connected to a known or trusted network, which can cause it to automatically connect to a malicious network.
CVE-2004-2265 1 Uudeview 1 Uudeview 2026-04-16 N/A
UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact.
CVE-2005-4089 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
CVE-2005-4083 1 Phpbb Styles 1 Extreme Styles Phpbb Module 2026-04-16 N/A
Directory traversal vulnerability in xs_edit.php in the eXtreme Styles phpBB module 2.2.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the edit parameter.
CVE-2003-1524 1 Pgpi 1 Pgpdisk 2026-04-16 N/A
PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition.
CVE-2005-4075 1 Mycfnuke 1 Cf Nuke 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF_Nuke 4.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) newsid parameter in the news sector, and (3) cat parameter in the links sector.
CVE-2002-2294 1 Symantec 4 Enterprise Firewall, Gateway Security, Raptor Firewall and 1 more 2026-04-16 N/A
Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 allow remote attackers to cause a denial of service (service termination) via (1) malformed RealAudio (rad) packets that are not properly handled by the RealAudio Proxy, or (2) crafted packets to the statistics service (statsd).
CVE-2003-0230 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
CVE-2003-0232 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
CVE-2003-0423 1 Apple 1 Darwin Streaming Server 2026-04-16 N/A
parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter.
CVE-2003-0552 1 Redhat 2 Enterprise Linux, Linux 2026-04-16 N/A
Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target.
CVE-2003-0904 1 Microsoft 3 Exchange Server, Sharepoint Services, Windows Server 2003 2026-04-16 N/A
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
CVE-2004-2116 1 Tinyserver 1 Tinyserver 2026-04-16 N/A
Directory traversal vulnerability in Tiny Server 1.1 allows remote attackers to read or download arbitrary files via a .. (dot dot) in the URL.
CVE-2004-2125 1 Iss 4 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 1 more 2026-04-16 N/A
Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value.
CVE-2004-2262 1 E107 1 E107 2026-04-16 N/A
ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
CVE-2005-1859 1 Sgi 1 Propack 2026-04-16 N/A
Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluster or array.
CVE-2005-2219 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action.
CVE-2005-2225 1 Microsoft 1 Msn Messenger Service 2026-04-16 N/A
Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so this may be an issue in the protocol or MSN servers.
CVE-2005-2245 1 F5 1 Tmos 2026-04-16 N/A
Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers.
CVE-2006-3538 1 Beatificfaith 1 Eprayer 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in demo.php in BeatificFaith Eprayer Alpha allow remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the (1) "Your name" field and (2) "Enter Prayer Request here" field.