Export limit exceeded: 16295 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1485 | 2 Gnu, Tftp | 2 Inetutils, Tftp | 2025-04-03 | N/A |
| Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function. | ||||
| CVE-2004-1486 | 1 Hp | 2 Cluster Object Manager, Serviceguard | 2025-04-03 | N/A |
| Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and Cluster Object Manager A.01.03 and B.01.04 through B.03.00.01 on HP-UX, Serviceguard A.11.14.04 and A.11.15.04 and Cluster Object Manager B.02.01.02 and B.02.02.02 on HP Linux, allow remote attackers to gain privileges via unknown attack vectors. | ||||
| CVE-2004-1487 | 2 Gnu, Redhat | 2 Wget, Enterprise Linux | 2025-04-03 | N/A |
| wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. | ||||
| CVE-2004-1488 | 2 Gnu, Redhat | 2 Wget, Enterprise Linux | 2025-04-03 | N/A |
| wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. | ||||
| CVE-2004-1495 | 1 Rarlab | 1 Winrar | 2025-04-03 | N/A |
| The Repair Archive command in WinRAR 3.40 allows remote attackers to cause a denial of service (application crash) via a corrupt ZIP archive. | ||||
| CVE-2004-1494 | 1 Kingsoft | 1 Xdict | 2025-04-03 | N/A |
| Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 allows remote attackers to cause a denial of service ( CPU consumption or application exit) and possibly execute arbitrary code via a long string. | ||||
| CVE-2004-1498 | 1 Webhost Automation | 1 Helm Control Panel | 2025-04-03 | N/A |
| SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter. | ||||
| CVE-2004-1493 | 1 Quicksilver | 1 Master Of Orion Iii | 2025-04-03 | N/A |
| Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (server crash) via multiple connections with long nicknames, possibly triggering a buffer overflow. | ||||
| CVE-2004-1503 | 1 Sun | 1 Jre | 2025-04-03 | N/A |
| Integer overflow in the InitialDirContext in Java Runtime Environment (JRE) 1.4.2, 1.5.0 and possibly other versions allows remote attackers to cause a denial of service (Java exception and failed DNS requests) via a large number of DNS requests, which causes the xid variable to wrap around and become negative. | ||||
| CVE-2004-1504 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-03 | N/A |
| The displaycontent function in config.php for Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to gain sensitive information via a blank show parameter, which reveals the installation path in an error message, as demonstrated using index.php. | ||||
| CVE-2004-1505 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-03 | N/A |
| Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. (dot dot) in the show parameter. | ||||
| CVE-2004-1506 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags. | ||||
| CVE-2004-2066 | 1 Linpha | 1 Linpha | 2025-04-03 | N/A |
| SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies. | ||||
| CVE-2004-2068 | 1 Leafnode | 1 Leafnode | 2025-04-03 | N/A |
| fetchnews in leafnode 1.9.47 and earlier allows remote attackers to cause a denial of service (process hang) via an empty NNTP news article with missing mandatory headers. | ||||
| CVE-2004-2070 | 1 Altiris | 1 Client Service | 2025-04-03 | N/A |
| The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2005-1590. | ||||
| CVE-2004-2071 | 1 Macallan | 1 Mail Solution | 2025-04-03 | N/A |
| Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes ("//") after the server name. | ||||
| CVE-2004-2072 | 1 Mambo | 1 Mambo Open Source | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter. | ||||
| CVE-2004-2077 | 1 Nadeo | 3 Game Engine, Trackmania, Virtual Skipper | 2025-04-03 | N/A |
| Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields. | ||||
| CVE-2004-2075 | 1 Sophos | 1 Sophos Anti-virus | 2025-04-03 | N/A |
| Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated. | ||||
| CVE-2004-2076 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||