Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0782 2 Gnome, Redhat 3 Gdkpixbuf, Gtk, Enterprise Linux 2026-04-16 N/A
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
CVE-2004-0354 1 Gnu 1 Anubis 2026-04-16 N/A
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.
CVE-2004-0781 1 Icecast 1 Icecast 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter.
CVE-2004-0750 1 Redhat 2 Enterprise Linux, Enterprise Linux Desktop 2026-04-16 N/A
Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares are exported to multiple hosts, can produce incorrect permissions and prevent the all_squash option from being applied.
CVE-2004-0749 2 Gentoo, Subversion 2 Linux, Subversion 2026-04-16 N/A
The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
CVE-2004-0746 5 Gentoo, Kde, Mandrakesoft and 2 more 6 Linux, Kde, Konqueror and 3 more 2026-04-16 N/A
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
CVE-2004-0743 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak.
CVE-2004-0740 1 Lexmark 1 T522 Network Printer 2026-04-16 N/A
The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow.
CVE-2004-0735 1 Electronic Arts 1 Medal Of Honor Allied Assault 2026-04-16 N/A
Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such as (1) the getinfo query, (2) the connect packet, and other unknown vectors.
CVE-2004-0707 1 Mozilla 1 Bugzilla 2026-04-16 N/A
SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.
CVE-2006-2566 1 Alstrasoft 1 Article Manager Pro 2026-04-16 N/A
Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without any additional parameters, which reveal the path in various error messages.
CVE-2004-0700 3 Gentoo, Mod Ssl, Redhat 5 Linux, Mod Ssl, Enterprise Linux and 2 more 2026-04-16 N/A
Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
CVE-2004-0353 1 Gnu 1 Anubis 2026-04-16 N/A
Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string.
CVE-2006-2565 1 Alstrasoft 1 Article Manager Pro 2026-04-16 N/A
SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid.
CVE-2004-0656 1 Pureftpd 1 Pureftpd 2026-04-16 N/A
The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
CVE-2004-0647 1 Shorewall 1 Shorewall 2026-04-16 N/A
shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local users to overwrite arbitrary files via a symlink attack on the chains-$$ temporary file.
CVE-2006-3803 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-16 N/A
Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.
CVE-2004-0352 1 Cisco 4 Content Services Switch 11000, Content Services Switch 11050, Content Services Switch 11150 and 1 more 2026-04-16 N/A
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.
CVE-2006-2564 1 Alstrasoft 1 E-friends 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message.
CVE-2005-4653 1 Al-caricatier 1 Al-caricatier 2026-04-16 N/A
Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting view_caricatier.php, and then requesting any file in the admin directory with a cookie_username=admin argument.