Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2354 | 2 Francisco Burzi, Warpspeed | 2 Php-nuke, 4nguestbook | 2025-04-03 | N/A |
| SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered. | ||||
| CVE-2004-2353 | 1 Incogen | 1 Bugport | 2025-04-03 | N/A |
| BugPort before 1.099 stores its configuration file (conf/config.conf) under the web document root with a file extension that is not normally parsed by web servers, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2004-2361 | 1 Digital Reality | 2 Desert Rats Vs. Afrika Korps, Haegemonia | 2025-04-03 | N/A |
| Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0, allows remote attackers to cause a denial of service (crash) via a chat message with a large message size, which triggers an out-of-bounds read. | ||||
| CVE-2004-2369 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | N/A |
| Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command. | ||||
| CVE-2004-2377 | 1 Alcatel | 2 Omniswitch, Omniswitch 7800 | 2025-04-03 | N/A |
| Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled. | ||||
| CVE-2004-2394 | 1 Mandrakesoft | 3 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall | 2025-04-03 | N/A |
| Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks. | ||||
| CVE-2004-2403 | 1 Yabb | 1 Yabb | 2025-04-03 | N/A |
| Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters. | ||||
| CVE-2004-2405 | 1 F-secure | 4 F-secure Anti-virus, F-secure For Firewalls, F-secure Internet Security and 1 more | 2025-04-03 | N/A |
| Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive. | ||||
| CVE-2004-2412 | 1 Virtual Programming | 1 Vp-asp | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp. | ||||
| CVE-2004-2421 | 1 Hitachi | 3 Jp1 P-1b41-9461, Jp1 P-1b41-9471, Jp1 P-1j41-9471 | 2025-04-03 | N/A |
| Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights. | ||||
| CVE-2004-2392 | 2 Mandrakesoft, Redhat | 3 Mandrake Linux, Mandrake Linux Corporate Server, Enterprise Linux | 2025-04-03 | N/A |
| libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs. | ||||
| CVE-2004-2428 | 1 Abczone.it | 1 Wwwguestbook | 2025-04-03 | N/A |
| Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the plaintext username and password. | ||||
| CVE-2004-2446 | 1 1st Class Internet Solutions | 1 1st Class Mail Server | 2025-04-03 | N/A |
| Directory traversal vulnerability in 1st Class Mail Server 4.01 allows remote attackers to read arbitrary files via a ".." (dot dot) sequences in unknown vectors. | ||||
| CVE-2004-2436 | 1 Broadcom | 3 Common Services, Unicenter Network And Systems Management, Unicenter Serviceplus Service Desk | 2025-04-03 | N/A |
| Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges. | ||||
| CVE-2004-2439 | 1 Hp | 17 Color Laserjet, Color Laserjet 4600, Laserjet 2500 and 14 more | 2025-04-03 | N/A |
| The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware. | ||||
| CVE-2004-2475 | 1 Google | 1 Toolbar | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability. | ||||
| CVE-2004-2479 | 2 National Science Foundation, Redhat | 2 Squid Web Proxy Cache, Enterprise Linux | 2025-04-03 | N/A |
| Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages. | ||||
| CVE-2004-2488 | 1 Nexgen | 1 Nexgen Ftp Server | 2025-04-03 | N/A |
| Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via "C:" sequences in the (1) RETR (get), (2) NLST (ls), (3) LIST (ls), (4) RNFR, or (5) RNTO FTP commands. | ||||
| CVE-2004-2497 | 1 Hitachi | 2 Web Page Generator, Web Page Generator Enterprise | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2004-2472 | 1 Agnitum | 1 Outpost Firewall | 2025-04-03 | N/A |
| Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a denial of service (CPU consumption) via a flood of small, invalid packets, which can not be processed quickly enough by Outpost Pro. | ||||