Search Results (362653 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1408 1 Singapore 1 Image Gallery Web Application 2026-04-16 N/A
The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files.
CVE-2004-1409 1 Singapore 1 Image Gallery Web Application 2026-04-16 N/A
Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML.
CVE-2006-2041 1 Phpwebgallery 1 Phpwebgallery 2026-04-16 N/A
PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2004-1410 1 Gadu-gadu 1 Gadu-gadu Instant Messenger 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229.
CVE-2004-1411 1 Gadu-gadu 1 Gadu-gadu Instant Messenger 2026-04-16 N/A
Gadu-Gadu build 155 and earlier allows remote attackers to cause a denial of service (infinite loop) via a message that contains an image whose filename does not start with restricted characters.
CVE-2004-1412 1 Kayako 1 Esupport 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter.
CVE-2004-1413 1 Kayako 1 Esupport 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow remote attackers to execute arbitrary SQL commands via the (1) subcat, (2) rate, (3) questiondetails, (4) ticketkey22, (5) email22 parameters to index.php, or (6) the e-mail field of the Forgot Key feature.
CVE-2006-2043 1 Ip3 Networks 1 Ip3 Netaccess 75 2026-04-16 N/A
na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI).
CVE-1999-0532 2026-04-16 N/A
A DNS server allows zone transfers.
CVE-2006-2044 1 Ip3 Networks 1 Ip3 Netaccess 75 2026-04-16 N/A
na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default username of admin and a default password of admin.
CVE-2004-1414 1 Gadu-gadu 1 Gadu-gadu Instant Messenger 2026-04-16 N/A
Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images.
CVE-2004-1415 1 Ben3w 1 2bgal 2026-04-16 N/A
SQL injection vulnerability in (1) disp_album.php and possibly (2) disp_img.php in 2Bgal 2.4 and 2.5.1 allows remote attackers to execute arbitrary SQL commands via the id_album parameter.
CVE-2006-2045 1 Ip3 Networks 1 Ip3 Netaccess 75 2026-04-16 N/A
The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, which allows local users to view sensitive information and modify data.
CVE-2004-1416 2 Microsoft, Realnetworks 2 Internet Explorer, Realone Player 2026-04-16 N/A
pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag.
CVE-2006-2046 1 Application Dynamics 1 Cartweaver Coldfusion 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.
CVE-2004-1417 1 Psychostats 1 Psychostats 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.
CVE-2004-1421 1 Whm 1 Whm Autopilot 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, (2) step_one_tables.php, (3) step_two_tables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the server_inc parameter to reference a URL on a remote web server that contains the code.
CVE-2004-1423 1 Php-calendar 1 Php-calendar 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.
CVE-2006-2048 1 Phpwebftp 1 Phpwebftp 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) user parameters. NOTE: it is possible that the affected version is actually 3.2.
CVE-2004-1426 1 Korweblog 1 Korweblog 2026-04-16 N/A
Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. (dot dot) sequences in the lng parameter.